SecurityTracker.com
Category:   Application (Generic)  >   ntp
Vendors:   ntp.org
(CentOS Issues Fix) ntp Multiple Flaws Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1034804
SecurityTracker URL:  http://securitytracker.com/id/1034804
CVE Reference:   CVE-2015-8138
Date:  Jan 25 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 4.2.8p6
Description:   Multiple vulnerabilities were reported in ntp. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can impersonate ntp peers.

A remote user can conduct a replay attack against authenticated broadcast mode packets [CVE-2015-7973].

A remote authenticated user can exploit a key check flaw to impersonate a peer [CVE-2015-7974].

A remote user can send specially crafted data to trigger a buffer overflow in the nextvar() function in ntpq and cause the target service to crash [CVE-2015-7975].

A remote authenticated user can send an ntpq saveconfig command with specially crafted filename characters to cause unintended results [CVE-2015-7976].

A remote user can send a specially crafted ntpdc reslist command to trigger a null pointer dereference and cause the target service to crash [CVE-2015-7977].

A remote user can send a specially crafted reslist command to consume all available stack memory [CVE-2015-7978].

A remote user can send a specially crafted broadcast mode packet to cause the target broadcast client to tear down the association with the broadcast server [CVE-2015-7979].

A remote server can send a specially crafted packet with an origin timestamp of zero to bypass the timestamp validation check in certain cases [CVE-2015-8138].

A remote user can send specially crafted data to trigger an infinite loop in ntpq [CVE-2015-8158].

A remote user can trigger an origin leak in ntpq and ntpdc to obtain potentially sensitive information [CVE-2015-8139].

A remote user on the local network may be able to conduct replay attacks against ntpq [CVE-2015-8140].

Cisco ASIG reported these vulnerabilities.
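
As an added example (not part of the advisory and not ntp's own code), a passive check for the condition described under CVE-2015-8138: it pairs each server reply seen on UDP port 123 with the client's last request and flags replies whose origin timestamp is zero or does not match. The addresses, timestamps and the names `parse_ntp`, `audit` and `build` are constructed for illustration, and treating a zero origin in a mode 4 reply as suspicious is a heuristic assumed here.

```python
import struct

NTP_LEN = 48  # fixed NTP header length, without extension fields or MAC

def parse_ntp(payload):
    """Return (mode, origin, transmit) from a UDP/123 payload, or None if too short."""
    if len(payload) < NTP_LEN:
        return None
    mode = payload[0] & 0x07                           # low 3 bits of byte 0
    origin, = struct.unpack_from("!Q", payload, 24)    # origin timestamp
    transmit, = struct.unpack_from("!Q", payload, 40)  # transmit timestamp
    return mode, origin, transmit

def audit(packets):
    """packets: iterable of (src, dst, payload). Returns a list of (index, verdict)."""
    pending = {}    # (client, server) -> transmit timestamp of the last request
    findings = []
    for i, (src, dst, payload) in enumerate(packets):
        parsed = parse_ntp(payload)
        if parsed is None:
            findings.append((i, "truncated"))
            continue
        mode, origin, transmit = parsed
        if mode == 3:                                  # client request
            pending[(src, dst)] = transmit
        elif mode == 4:                                # server reply
            expected = pending.pop((dst, src), None)
            # A client that sent a zero transmit timestamp gets zero back; not flagged.
            if origin == 0 and expected != 0:
                findings.append((i, "zero-origin"))
            elif expected is None:
                findings.append((i, "unsolicited"))
            elif origin != expected:
                findings.append((i, "origin-mismatch"))
    return findings

def build(mode, origin=0, transmit=0, version=4):
    """Constructed sample packet; only mode, origin and transmit are meaningful."""
    return struct.pack("!B23xQ8xQ", (version << 3) | mode, origin, transmit)

T1, T2 = 0xDA5B3C0012345678, 0xDA5B3C4087654321       # constructed timestamps
SAMPLE = [                                             # constructed capture
    ("10.0.0.5", "192.0.2.1", build(3, transmit=T1)),               # request
    ("192.0.2.1", "10.0.0.5", build(4, origin=T1, transmit=T1 + 1)),  # valid reply
    ("192.0.2.1", "10.0.0.5", build(4, origin=0, transmit=T2)),     # zero origin
    ("10.0.0.5", "192.0.2.1", build(3, transmit=T2)),               # request
    ("192.0.2.1", "10.0.0.5", build(4, origin=T1, transmit=T2)),    # stale origin
]
```
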

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can impersonate an ntp peer.

Solution:   CentOS has issued a fix for CVE-2015-8138.


Cause:   Access control error, Authentication error, Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 22 2016 ntp Multiple Flaws Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, and Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0063 Important CentOS 6 ntp Security Update


CentOS Errata and Security Advisory 2016:0063 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0063.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
