CVE 2016-2518
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
Related bugs and status
CVE-2016-2518 (Candidate) is related to these bugs:
Bug #1528050: NTP statsdir cleanup cronjob insecure
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1528050 | NTP statsdir cleanup cronjob insecure | ntp (Ubuntu) | Undecided | Fix Released | ||
| 1528050 | NTP statsdir cleanup cronjob insecure | ntp (Ubuntu Wily) | Undecided | Won't Fix | ||
| 1528050 | NTP statsdir cleanup cronjob insecure | ntp (Ubuntu Xenial) | Undecided | Fix Released | ||
Bug #1567540: ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1567540 | ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.) | ntp (Ubuntu) | High | Fix Released | ||
| 1567540 | ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.) | NTP | High | Fix Released | ||
| 1567540 | ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.) | ntp (Ubuntu Xenial) | High | Fix Released | ||
Bug #1582767: apparmor permissions missing for winbind
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1582767 | apparmor permissions missing for winbind | ntp (Ubuntu) | Medium | Fix Released | ||
| 1582767 | apparmor permissions missing for winbind | ntp (Ubuntu Xenial) | Undecided | Won't Fix | ||
| 1582767 | apparmor permissions missing for winbind | ntp (Debian) | Unknown | Fix Released | ||
Bug #1625372: NTP security issues on Precise and Trusty
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1625372 | NTP security issues on Precise and Trusty | ntp (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
