CVE-2016-2516
Ubuntu Security Notice USN-3096-1
Severity Score
5.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92, cuando mode7 está habilitado, permite a atacantes remotos provocar una denegación de servicio (anular ntpd) usando la misma dirección IP varias veces en una directiva unconfig.
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-02-20 CVE Reserved
- 2016-05-02 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/88180 | Third Party Advisory | |
| http://www.securitytracker.com/id/1035705 | Vdb Entry | |
| https://security.netapp.com/advisory/ntap-20171004-0002 | X_refsource_confirm |
|
| https://www.kb.cert.org/vuls/id/718152 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.ntp.org/bin/view/Main/NtpBug3011 | 2017-11-21 | |
| http://www.debian.org/security/2016/dsa-3629 | 2017-11-21 | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc | 2017-11-21 | |
| https://security.gentoo.org/glsa/201607-15 | 2017-11-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | <= 4.2.8 Search vendor "Ntp" for product "Ntp" and version " <= 4.2.8" | p6 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.0 Search vendor "Ntp" for product "Ntp" and version "4.3.0" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.1 Search vendor "Ntp" for product "Ntp" and version "4.3.1" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.2 Search vendor "Ntp" for product "Ntp" and version "4.3.2" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.3 Search vendor "Ntp" for product "Ntp" and version "4.3.3" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.4 Search vendor "Ntp" for product "Ntp" and version "4.3.4" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.5 Search vendor "Ntp" for product "Ntp" and version "4.3.5" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.6 Search vendor "Ntp" for product "Ntp" and version "4.3.6" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.7 Search vendor "Ntp" for product "Ntp" and version "4.3.7" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.8 Search vendor "Ntp" for product "Ntp" and version "4.3.8" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.9 Search vendor "Ntp" for product "Ntp" and version "4.3.9" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.10 Search vendor "Ntp" for product "Ntp" and version "4.3.10" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.11 Search vendor "Ntp" for product "Ntp" and version "4.3.11" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.12 Search vendor "Ntp" for product "Ntp" and version "4.3.12" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.13 Search vendor "Ntp" for product "Ntp" and version "4.3.13" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.14 Search vendor "Ntp" for product "Ntp" and version "4.3.14" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.15 Search vendor "Ntp" for product "Ntp" and version "4.3.15" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.16 Search vendor "Ntp" for product "Ntp" and version "4.3.16" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.17 Search vendor "Ntp" for product "Ntp" and version "4.3.17" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.18 Search vendor "Ntp" for product "Ntp" and version "4.3.18" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.19 Search vendor "Ntp" for product "Ntp" and version "4.3.19" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.20 Search vendor "Ntp" for product "Ntp" and version "4.3.20" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.21 Search vendor "Ntp" for product "Ntp" and version "4.3.21" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.22 Search vendor "Ntp" for product "Ntp" and version "4.3.22" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.23 Search vendor "Ntp" for product "Ntp" and version "4.3.23" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.24 Search vendor "Ntp" for product "Ntp" and version "4.3.24" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.25 Search vendor "Ntp" for product "Ntp" and version "4.3.25" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.26 Search vendor "Ntp" for product "Ntp" and version "4.3.26" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.27 Search vendor "Ntp" for product "Ntp" and version "4.3.27" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.28 Search vendor "Ntp" for product "Ntp" and version "4.3.28" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.29 Search vendor "Ntp" for product "Ntp" and version "4.3.29" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.30 Search vendor "Ntp" for product "Ntp" and version "4.3.30" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.31 Search vendor "Ntp" for product "Ntp" and version "4.3.31" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.32 Search vendor "Ntp" for product "Ntp" and version "4.3.32" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.33 Search vendor "Ntp" for product "Ntp" and version "4.3.33" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.34 Search vendor "Ntp" for product "Ntp" and version "4.3.34" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.35 Search vendor "Ntp" for product "Ntp" and version "4.3.35" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.36 Search vendor "Ntp" for product "Ntp" and version "4.3.36" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.37 Search vendor "Ntp" for product "Ntp" and version "4.3.37" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.38 Search vendor "Ntp" for product "Ntp" and version "4.3.38" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.39 Search vendor "Ntp" for product "Ntp" and version "4.3.39" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.40 Search vendor "Ntp" for product "Ntp" and version "4.3.40" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.41 Search vendor "Ntp" for product "Ntp" and version "4.3.41" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.42 Search vendor "Ntp" for product "Ntp" and version "4.3.42" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.43 Search vendor "Ntp" for product "Ntp" and version "4.3.43" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.44 Search vendor "Ntp" for product "Ntp" and version "4.3.44" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.45 Search vendor "Ntp" for product "Ntp" and version "4.3.45" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.46 Search vendor "Ntp" for product "Ntp" and version "4.3.46" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.47 Search vendor "Ntp" for product "Ntp" and version "4.3.47" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.48 Search vendor "Ntp" for product "Ntp" and version "4.3.48" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.49 Search vendor "Ntp" for product "Ntp" and version "4.3.49" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.50 Search vendor "Ntp" for product "Ntp" and version "4.3.50" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.51 Search vendor "Ntp" for product "Ntp" and version "4.3.51" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.52 Search vendor "Ntp" for product "Ntp" and version "4.3.52" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.53 Search vendor "Ntp" for product "Ntp" and version "4.3.53" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.54 Search vendor "Ntp" for product "Ntp" and version "4.3.54" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.55 Search vendor "Ntp" for product "Ntp" and version "4.3.55" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.56 Search vendor "Ntp" for product "Ntp" and version "4.3.56" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.57 Search vendor "Ntp" for product "Ntp" and version "4.3.57" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.58 Search vendor "Ntp" for product "Ntp" and version "4.3.58" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.59 Search vendor "Ntp" for product "Ntp" and version "4.3.59" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.60 Search vendor "Ntp" for product "Ntp" and version "4.3.60" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.61 Search vendor "Ntp" for product "Ntp" and version "4.3.61" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.62 Search vendor "Ntp" for product "Ntp" and version "4.3.62" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.63 Search vendor "Ntp" for product "Ntp" and version "4.3.63" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.64 Search vendor "Ntp" for product "Ntp" and version "4.3.64" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.65 Search vendor "Ntp" for product "Ntp" and version "4.3.65" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.66 Search vendor "Ntp" for product "Ntp" and version "4.3.66" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.67 Search vendor "Ntp" for product "Ntp" and version "4.3.67" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.68 Search vendor "Ntp" for product "Ntp" and version "4.3.68" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.69 Search vendor "Ntp" for product "Ntp" and version "4.3.69" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.70 Search vendor "Ntp" for product "Ntp" and version "4.3.70" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.71 Search vendor "Ntp" for product "Ntp" and version "4.3.71" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.72 Search vendor "Ntp" for product "Ntp" and version "4.3.72" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.73 Search vendor "Ntp" for product "Ntp" and version "4.3.73" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.74 Search vendor "Ntp" for product "Ntp" and version "4.3.74" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.75 Search vendor "Ntp" for product "Ntp" and version "4.3.75" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.76 Search vendor "Ntp" for product "Ntp" and version "4.3.76" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.77 Search vendor "Ntp" for product "Ntp" and version "4.3.77" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.78 Search vendor "Ntp" for product "Ntp" and version "4.3.78" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.79 Search vendor "Ntp" for product "Ntp" and version "4.3.79" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.80 Search vendor "Ntp" for product "Ntp" and version "4.3.80" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.81 Search vendor "Ntp" for product "Ntp" and version "4.3.81" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.82 Search vendor "Ntp" for product "Ntp" and version "4.3.82" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.83 Search vendor "Ntp" for product "Ntp" and version "4.3.83" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.84 Search vendor "Ntp" for product "Ntp" and version "4.3.84" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.85 Search vendor "Ntp" for product "Ntp" and version "4.3.85" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.86 Search vendor "Ntp" for product "Ntp" and version "4.3.86" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.87 Search vendor "Ntp" for product "Ntp" and version "4.3.87" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.88 Search vendor "Ntp" for product "Ntp" and version "4.3.88" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.89 Search vendor "Ntp" for product "Ntp" and version "4.3.89" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.90 Search vendor "Ntp" for product "Ntp" and version "4.3.90" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.3.91 Search vendor "Ntp" for product "Ntp" and version "4.3.91" | - |
Affected
| ||||||