SecurityTracker.com
Category:   Application (Generic)  >   ntp
Vendors:   ntp.org
ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
SecurityTracker Alert ID:  1031751
SecurityTracker URL:  http://securitytracker.com/id/1031751
CVE Reference:   CVE-2014-9750, CVE-2014-9751
Updated:  Oct 5 2015
Original Entry Date:  Feb 16 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 4.2.8p1
Description:   Two vulnerabilities were reported in ntp. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information. A remote user can bypass access controls in certain cases.

A remote user can send a specially crafted 'vallen' parameter value to trigger a validation flaw in 'ntp_crypto.c' and obtain potentially sensitive information or cause the target ntpd service to crash [CVE-2014-9750].

Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team, and Harlan Stenn of Network Time Foundation reported this vulnerability.
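
The class of flaw behind CVE-2014-9750, a length field that is trusted without being checked against the bytes actually received, shown in hardened form as an added example; it is not ntpd's code and not part of the original advisory. The field layout (a 4-byte big-endian `vallen` followed by the value), the function `extract_value` and the sample buffers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified layout (not ntpd's real structure):
 * 4-byte big-endian value length ("vallen"), then the value bytes. */
#define HDR_LEN 4u

/* Constructed sample fields. */
static const uint8_t sample_ok[]        = {0, 0, 0, 3, 'a', 'b', 'c'};
static const uint8_t sample_overclaim[] = {0, 0, 0xff, 0xff, 'a', 'b', 'c'};
static const uint8_t sample_wrap[]      = {0xff, 0xff, 0xff, 0xff, 'a'};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copy the value out of a received field.
 * Returns the number of bytes copied, or -1 if the field is malformed. */
long extract_value(const uint8_t *field, size_t field_len,
                   uint8_t *out, size_t out_cap)
{
    if (field == NULL || out == NULL || field_len < HDR_LEN)
        return -1;                      /* too short to hold vallen */

    uint32_t vallen = read_be32(field);

    /* Compare against the bytes that remain after the header. Writing the
     * check as a subtraction avoids the wrap that HDR_LEN + vallen could
     * hit when vallen is close to the maximum value. */
    if (vallen > field_len - HDR_LEN)
        return -1;                      /* claims more data than received */
    if (vallen > out_cap)
        return -1;                      /* would overflow the destination */

    memcpy(out, field + HDR_LEN, vallen);
    return (long)vallen;
}

int main(void)
{
    uint8_t out[16];
    printf("ok=%ld overclaim=%ld wrap=%ld\n",
           extract_value(sample_ok, sizeof sample_ok, out, sizeof out),
           extract_value(sample_overclaim, sizeof sample_overclaim, out, sizeof out),
           extract_value(sample_wrap, sizeof sample_wrap, out, sizeof out));
    return 0;
}
```

Without the two length comparisons, the `memcpy` would read past the received buffer (information disclosure or a crash) whenever the sender's `vallen` exceeds the data that actually arrived.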

A remote user may be able to spoof the ::1 source address via IPv6 to bypass IPv6-based access controls [CVE-2014-9751]. Some operating systems are affected, including Apple OS X and Linux.

Stephen Roettger of the Google Security Team reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information.

A remote user can bypass access controls in certain cases.

Solution:   The vendor has issued a fix (4.2.8p1).

The vendor's advisories are available at:

http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever
http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so

Vendor URL:  support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 17 2015 (Ubuntu Issues Fix) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
Ubuntu has issued a fix for Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10.
Feb 24 2015 (HP Issues Fix for HP-UX) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
HP has issued a fix for HP-UX 11.23 and 11.31.
Apr 7 2015 (FreeBSD Issues Fix) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
FreeBSD has issued a fix for FreeBSD 8.4, 9.3, and 10.1.
Jun 30 2015 (IBM Issues Fix for IBM AIX) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
IBM has issued a fix for IBM AIX 6.1 and 7.1.
Jul 24 2015 (Red Hat Issues Fix) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Sep 11 2015 (Juniper Issues Advisory for Juniper NSM) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
Juniper has issued an advisory for Juniper NSM.
Nov 24 2015 (Oracle Issues Fix for Oracle Linux) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
Oracle has issued a fix for Oracle Linux 7.
Nov 25 2015 (Red Hat Issues Fix) ntp Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Bypass Access Controls in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 7.

Copyright 2019, SecurityGlobal.net LLC