#VU54031 Out-of-bounds read


Published: 2021-06-10

Vulnerability identifier: #VU54031

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2518

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ntp
Server applications / Other server solutions

Vendor: ntp.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the MATCH_ASSOC function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and cause a denial of service condition on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ntp: 4.2.8p1, 4.2.8p2, 4.2.8p3, 4.2.8p4, 4.2.8p5, 4.2.8p6, 4.2.8p7, 4.2.8p8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 4.3.21, 4.3.22, 4.3.23, 4.3.24, 4.3.25, 4.3.26, 4.3.27, 4.3.28, 4.3.29, 4.3.30, 4.3.31, 4.3.32, 4.3.33, 4.3.34, 4.3.35, 4.3.36, 4.3.37, 4.3.38, 4.3.39, 4.3.40, 4.3.41, 4.3.42, 4.3.43, 4.3.44, 4.3.45, 4.3.46, 4.3.47, 4.3.48, 4.3.49, 4.3.50, 4.3.51, 4.3.52, 4.3.53, 4.3.54, 4.3.55, 4.3.56, 4.3.57, 4.3.58, 4.3.59, 4.3.60, 4.3.61, 4.3.62, 4.3.63, 4.3.64, 4.3.65, 4.3.66, 4.3.67, 4.3.68, 4.3.69, 4.3.70, 4.3.71, 4.3.72, 4.3.73, 4.3.74, 4.3.75, 4.3.76, 4.3.77, 4.3.78, 4.3.79, 4.3.80, 4.3.81, 4.3.82, 4.3.83, 4.3.84, 4.3.85, 4.3.86, 4.3.87, 4.3.88, 4.3.89, 4.3.90, 4.3.91

CPE

External links
https://www.kb.cert.org/vuls/id/718152
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security
http://support.ntp.org/bin/view/Main/NtpBug3009
http://www.securityfocus.com/bid/88226
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://security.gentoo.org/glsa/201607-15
http://www.securitytracker.com/id/1035705
http://www.debian.org/security/2016/dsa-3629
https://security.netapp.com/advisory/ntap-20171004-0002/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://access.redhat.com/errata/RHSA-2016:1141
http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability