SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ntp Vendors:   ntp.org
ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
SecurityTracker Alert ID:  1035705
SecurityTracker URL:  http://securitytracker.com/id/1035705
CVE Reference:   CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519   (Links to External Site)
Date:  Apr 28 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in ntp. A remote or remote authenticated user can modify time on the target system. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can send specially crafted crypto-NAK packets with a spoofed source address of an existing peer to trigger an error in 'ntp_proto.c' and cause the preemptable client association to be demobilized [CVE-2016-1547].

A remote user can send a spoofed packet with a specially crafted timestamp to cause the target ntpd client to reject future server responses from the spoofed server. As a result, the remote user can modify the time of the target client or cause denial of service conditions on the target client [CVE-2016-1548].

A remote authenticated peer can create an arbitrary number of ephemeral associations to modify the time on the target system [CVE-2016-1549].

A remote user can send a series of specially crafted messages to potentially recover the message digest key [CVE-2016-1550].

A remote user can send specially crafted spoofed packets to a target system that fails to implement martian packet filtering to modify the time on the target system [CVE-2016-1551].

A remote user with knowledge of the controlkey (for ntpq) or the requestkey (for ntpdc) can create a specially crafted session to cause ntpd to crash in certain cases [CVE-2016-2516].

A remote authenticated user with knowledge of the of the controlkey (for ntpq) or the requestkey (for ntpdc) can create a specially crafted session to prevent ntpd from processing authentication requests until the process is restarted [CVE-2016-2517].

A remote authenticated user can send a specially crafted packet to trigger an out-of-bounds memory reference error in the MATCH_ASSOC() function when creating a peer association with hmode > 7 [CVE-2016-2518].

A remote authenticated user can cause a specially crafted data value to be stored by ntpd and then cause ntpd to crash when attempting to read the value via ctl_getitem() [CVE-2016-2519].

Matt Street, Matthew Van Gundy, Stephen Gray, Jonathan Gardner, and others of Cisco ASIG, Yihan Lian (of the Cloud Security Team, Qihoo 360), Miroslav Lichvar of RedHat, Michael Tatarinov (NTP Project Developer Volunteer), and Loganaden Velvindron reported these vulnerabilities.

Impact:   A remote or remote authenticated user can modify time on the target system.

A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (4.2.8p7).

The vendor's advisory is available at:

http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security

Vendor URL:  support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security (Links to External Site)
Cause:   Access control error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 29 2016 (FreeBSD Issues Fix) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
FreeBSD has issued a fix for FreeBSD 9.3, 10.1, 10.2, and 10.3.
May 3 2016 (Cisco Issues Advisory for Cisco ASA) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco ASA.
May 3 2016 (Cisco Issues Advisory for Cisco Prime Security Manager) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Prime Security Manager.
May 3 2016 (Cisco Issues Advisory for Cisco Content Security Management Appliance) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Content Security Management Appliance.
May 4 2016 (Cisco Issues Advisory for Cisco Prime Collaboration Assurance) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Prime Collaboration Assurance.
May 4 2016 (Cisco Issues Advisory for Cisco Unified Computing System) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Unified Computing System.
May 4 2016 (Cisco Issues Advisory for Cisco Connected Grid Products) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Connected Grid Products.
May 4 2016 (Cisco Issues Advisory for Cisco Nexus 9000) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Nexus 9000 Series Switches.
May 4 2016 (Cisco Issues Advisory for Cisco Service Control Operating System) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Service Control Operating System.
May 4 2016 (Cisco Issues Advisory for Cisco Unified Computing System) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Unified Computing System.
May 4 2016 (Cisco Issues Advisory for Cisco MediaSense) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco MediaSense.
May 4 2016 (Cisco Issues Advisory for Cisco Unified Communications Manager) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Unified Communications Manager.
May 4 2016 (Cisco Issues Advisory for Cisco Unity Express) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Unity Express.
May 4 2016 (Cisco Issues Advisory for Cisco Digital Media Products) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Digital Media Manager and Cisco Edge 300 and 400 Series Digital Media Players.
May 4 2016 (Cisco Issues Advisory for Cisco Enterprise Content Delivery System) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Enterprise Content Delivery System.
May 4 2016 (Cisco Issues Advisory for Cisco Show and Share) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Show and Share.
May 4 2016 (Cisco Issues Advisory for Cisco TelePresence CTX and VCS) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco TelePresence Exchange System (CTX) and Cisco TelePresence Video Communication Server (VCS).
May 6 2016 (Cisco Issues Advisory for Cisco Unified MeetingPlace) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Unified MeetingPlace.
May 6 2016 (Cisco Issues Advisory for Cisco Jabber Guest) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Cisco has issued an advisory for Cisco Jabber Guest.
May 31 2016 (Red Hat Issues Fix) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Jun 1 2016 (Oracle Issues Fix for Oracle Linux) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Oracle has issued a fix for Oracle Linux 6 and 7.
Jul 19 2016 (Oracle Issues Fix for Oracle Fusion Middleware) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Oracle has issued a fix for Oracle Fusion Middleware/Oracle Exalogic Infrastructure.
Aug 3 2016 (Red Hat Issues Fix) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.7.
Sep 7 2016 (IBM Issues Fix for IBM AIX) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Sep 13 2016 (IBM Issues Fix for IBM Security Access Manager) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
IBM has issued a fix for IBM Security Access Manager.
Oct 6 2016 (Ubuntu Issues Fix) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 16.04 LTS.
Jul 6 2017 (Ubuntu Issues Fix) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, 16.10, and 17.04.
Oct 26 2017 (Oracle Issues Fix for Oracle Linux) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
Oracle has issued a fix for Oracle Linux 6.
Aug 15 2018 (IBM Issues Fix for IBM AIX) ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC