SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Ntpd Vendors:   Mills, David L. et al
Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1032031
SecurityTracker URL:  http://securitytracker.com/id/1032031
CVE Reference:   CVE-2015-1799   (Links to External Site)
Date:  Apr 7 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 4.2.8p2
Description:   A vulnerability was reported in Ntpd. A remote user can cause denial of service conditions on the target system.

A remote user with knowledge of a symmetric association between two hosts can periodically send a specially crafted packet to one host of the symmetric association to cause both hosts to fail to synchronize.

Systems that are configured to use symmetric key authentication are affected.

Miroslav Lichvar of Red Hat reported this vulnerability.

Impact:   A remote user can cause two hosts of a symmetric association to fail to synchronize.
Solution:   The vendor has issued a fix (4.2.8p2, 4.3.14).

The vendor's advisory is available at:

http://support.ntp.org/bin/view/Main/SecurityNotice#Authentication_doesn_t_protect_s

Vendor URL:  support.ntp.org/bin/view/Main/SecurityNotice#Authentication_doesn_t_protect_s (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 7 2015 (FreeBSD Issues Fix) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
FreeBSD has issued a fix for FeeBSD 8.4, 9.3, and 10.1.
Apr 10 2015 (Cisco Issues Fix for Cisco WebEx Meetings Server) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued a fix for Cisco WebEx Meetings Server.
Apr 10 2015 (Cisco Issues Advisory for Cisco IOS/IOS XE) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco IOS and IOS XE.
Apr 10 2015 (Cisco Issues Advisory for Cisco ASA CX) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco ASA CX.
Apr 10 2015 (Cisco Issues Advisory for Cisco Prime Security Manager) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco Prime Security Manager.
Apr 10 2015 (Cisco Issues Advisory for Cisco Intrusion Prevention System) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco Intrusion Prevention System.
Apr 10 2015 (Cisco Issues Fix for Cisco Prime Collaboration Assurance) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco Prime Collaboration Assurance.
Apr 10 2015 (Cisco Issues Advisory for Cisco UCS Central) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco UCS Central.
Apr 10 2015 (Cisco Issues Advisory for Cisco MDS 9000) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco MDS 9000.
Apr 10 2015 (Cisco Issues Fix for Cisco Nexus 1000V/7000) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Cisco has issued an advisory for Cisco Nexus 1000V and 7000.
Apr 14 2015 (Ubuntu Issues Fix) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 14.10.
May 5 2015 (McAfee Issues Fix for McAfee Asset Manager) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
McAfee has issued a fix for McAfee Asset Manager.
May 20 2015 (HP Issues Fix for HP-UX) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for HP-UX 11.31.
Jun 30 2015 (IBM Issues Fix for IBM AIX) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
IBM has issued a fix for IBM AIX 6.1 and 7.1.
Jul 11 2015 (McAfee Issues Fix for McAfee Firewall Enterprise) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
McAfee has issued a fix for McAfee Firewall Enterprise.
Jul 24 2015 (Red Hat Issues Fix) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Nov 24 2015 (Oracle Issues Fix for Oracle Linux) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7.
Nov 25 2015 (Red Hat Issues Fix) Ntpd Symmetric Mode Packet Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC