SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ntp Vendors:   ntp.org
ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1037354
SecurityTracker URL:  http://securitytracker.com/id/1037354
CVE Reference:   CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312   (Links to External Site)
Date:  Nov 29 2016
Impact:   Denial of service via network, Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 4.2.8p9
Description:   Multiple vulnerabilities were reported in ntp. A remote user can cause the target service to crash.

On Windows-based systems with the trap service enabled, a remote user can send a specially crafted packet to trigger a null pointer dereference and cause the ntpd daemon to crash [CVE-2016-9311].

A remote user can send a specially crafted control mode packet to set and unset ntpd traps. As a result, a remote user can obtain potentially sensitive information, conduct denial of service amplification attacks, or cause monitoring to become disabled [CVE-2016-9310].

A remote user with access to the target NTP broadcast domain can inject specially crafted broadcast mode NTP packets into the NTP broadcast domain to exploit a flaw in the replay prevention function cause the target ntpd daemon to reject broadcast mode NTP packets from legitimate NTP broadcast servers [CVE-2016-7427].

A remote user with access to the target NTP broadcast domain can inject specially crafted broadcast mode NTP packets into the NTP broadcast domain to exploit a flaw in the broadcast mode poll interval enforcement function and cause the target ntpd daemon to reject broadcast mode NTP packets from legitimate NTP broadcast servers [CVE-2016-7428].

A remote user can send a specially crafted, large UDP packet to cause the target ntpd daemon to stop functioning [CVE-2016-9312]. Windows based systems are affected.

A regression error exists in the validation of zero origin timestamps [CVE-2016-7431].

On systems with ntpd configured to allow mrulist query requests from the remote user, a remote user can send a specially crafted mrulist query request packet to cause the target ntpd daemon to crash [CVE-2016-7434].

On systems with multiple interfaces on separate networks and where the operating system does not validate source addresses in received packets, a remote user can send a specially crafted packet to trigger an error in selecting the proper interface and temporarily prevent the target ntpd daemon from sending new requests [CVE-2016-7429].

On systems with ntpd configured with rate limiting for all associations, a remote user can send packets with specially crafted source addresses to keep the rate limiting function active and prevent the target ntpd daemon from accepting valid responses [CVE-2016-7426].

An error may occur in the calculation of root sync delay, causing the jitter value to be higher than expected [CVE-2016-7433].

Matthew Van Gundy of Cisco ASIG, Robert Pajak of ABB, Magnus Stubman, Miroslav Lichvar of Red Hat, Brian Utterback of Oracle, and Sharon Goldberg and Aanchal Malhotra of Boston University reported these vulnerabilities.

Impact:   A remote user can cause the target service to crash.

A remote user can obtain potentially sensitive information from the target system.

A remote user can conduct denial of service amplification attacks against other targets.

Solution:   The vendor has issued a fix (4.2.8p9).

The vendor advisory is available at:

http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se

Vendor URL:  support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 30 2016 (Cisco Issues Advisory for Cisco Application Policy Infrastructure Controller) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco Application Policy Infrastructure Controller.
Nov 30 2016 (Cisco Issues Fix for Cisco Wide Area Application Services) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued a fix for Cisco Wide Area Application Services.
Nov 30 2016 (Cisco Issues Advisory for Cisco Universal Small Cell) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued a fix for Cisco Universal Small Cell 5000 and 7000 Series.
Nov 30 2016 (Cisco Issues Advisory for Cisco Application and Content Networking System) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco Application and Content Networking System.
Nov 30 2016 (Cisco Issues Advisory for Cisco Jabber Guest) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco Jabber Guest.
Nov 30 2016 (Cisco Issues Advisory for Cisco Application Networking Manager) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco Application Networking Manager.
Nov 30 2016 (Cisco Issues Advisory for Cisco Prime Data Center Network Manager) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco Prime Data Center Network Manager.
Nov 30 2016 (Cisco Issues Advisory for Cisco Connected Grid Routers) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued a fix for Cisco Connected Grid Routers.
Nov 30 2016 (Cisco Issues Advisory for Cisco MDS) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco MDS 9000 Series.
Nov 30 2016 (Cisco Issues Advisory for Cisco Unified Communications Manager) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco Unified Communications Manager.
Nov 30 2016 (Cisco Issues Advisory for Cisco NX-OS) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Cisco has issued an advisory for Cisco Nexus 1000V, 3000, 5000, 6000, 7000, and 9000 Series Switches.
Dec 22 2016 (FreeBSD Issues Fix) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
FreeBSD has issued a fix for FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0.
Jan 4 2017 (F5 Networks Issues Advisory for F5 Enterprise Manager) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
F5 Networks has issued an advisory for F5 Enterprise Manager.
Jan 4 2017 (F5 Networks Issues Advisory for F5 BIG-IP) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
F5 Networks has issued an advisory for F5 BIG-IP.
Feb 6 2017 (Red Hat Issues Fix) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Feb 6 2017 (CentOS Issues Fix) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
CentOS has issued a fix for CentOS 6 and 7.
Feb 7 2017 (Oracle Issues Fix for Oracle Linux) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 6 and 7.
Mar 15 2017 (HPE Issues Fix) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
HPE has issued a fix for HP-UX 11.31.
Jun 21 2017 (IBM Issues Fix for IBM Flex System Manager) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
IBM has issued a fix for IBM Flex System Manager 1.3.2.0, 1.3.2.1, 1.3.3.0, and 1.3.4.0.
Jul 6 2017 (Ubuntu Issues Fix) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, 16.10, and 17.04.
Jul 13 2017 (Juniper Issues Fix for Juniper Junos Space) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Juniper has issued a fix for Juniper Junos Space.
Aug 17 2017 (IBM Issues Fix for IBM Security Access Manager) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
IBM has issued a fix for IBM Security Access Manager.
Oct 26 2017 (Oracle Issues Fix for Oracle Linux) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 6.
Aug 29 2018 (HPE Issues Fix) ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash
HPE has issued a fix for HP-UX.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC