Executive Summary

Summary
Title: NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
Information
Name: VU#321640
First vendor Publication: 2016-06-02
Vendor: VU-CERT
Last vendor Modification: 2016-06-02
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Vulnerability Note VU#321640

NTP.org ntpd is vulnerable to denial of service and other vulnerabilities

Original Release date: 02 Jun 2016 | Last revised: 02 Jun 2016

Overview

NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.

Description

NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below.

CRYPTO-NAK denial of service introduced in Sec 3007 patch. See Sec 3046, CVE-2016-4957. The CVSS score below describes this vulnerability.

Bad authentication demobilizes ephemeral associations. See Sec 3045, CVE-2016-4953.

Processing of spoofed server packets affects peer variables. See Sec 3044, CVE-2016-4954.

Autokey associations may be reset when repeatedly receiving spoofed packets. See Sec 3043, CVE-2016-4955.

Broadcast associations are not covered in Sec 2978 patch, which may be leveraged to flip broadcast clients into interleave mode. See Sec 3042, CVE-2016-4956.

Impact

Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.

Solution

Apply an update

The vendor has released version 4.2.8p8 to address these issues. Users are encouraged to update to the latest release. Those unable to update should consider mitigations listed in NTP's security advisory listing.

Vendor Information

Vendor | Status | Date Notified | Date Updated
NTP Project | Affected | 25 May 2016 | 02 Jun 2016
ACCESS | Unknown | 27 May 2016 | 27 May 2016
Alcatel-Lucent | Unknown | 27 May 2016 | 27 May 2016
Apple | Unknown | 27 May 2016 | 27 May 2016
Arista Networks, Inc. | Unknown | 27 May 2016 | 27 May 2016
Aruba Networks | Unknown | 27 May 2016 | 27 May 2016
AT&T | Unknown | 27 May 2016 | 27 May 2016
Avaya, Inc. | Unknown | 27 May 2016 | 27 May 2016
Belkin, Inc. | Unknown | 27 May 2016 | 27 May 2016
Blue Coat Systems | Unknown | 27 May 2016 | 27 May 2016
CA Technologies | Unknown | 27 May 2016 | 27 May 2016
CentOS | Unknown | 27 May 2016 | 27 May 2016
Check Point Software Technologies | Unknown | 27 May 2016 | 27 May 2016
Cisco | Unknown | 27 May 2016 | 27 May 2016
CoreOS | Unknown | 27 May 2016 | 27 May 2016

CVSS Metrics

Group | Score | Vector
Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal | 6.4 | E:F/RL:OF/RC:C
Environmental | 6.4 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND

References

  • http://support.ntp.org/bin/view/Main/NtpBug3007
  • http://support.ntp.org/bin/view/Main/NtpBug3046
  • http://support.ntp.org/bin/view/Main/NtpBug3045
  • http://support.ntp.org/bin/view/Main/NtpBug3044
  • http://support.ntp.org/bin/view/Main/NtpBug3043
  • http://support.ntp.org/bin/view/Main/NtpBug2978
  • http://support.ntp.org/bin/view/Main/NtpBug3042

Credit

The NTP Project credits Nicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.

This document was written by Joel Land.

Other Information

  • CVE IDs: CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957
  • Date Public: 02 Jun 2016
  • Date First Published: 02 Jun 2016
  • Date Last Updated: 02 Jun 2016
  • Document Revision: 8

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/321640

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-362 Race Condition
25 % CWE-476 NULL Pointer Dereference
25 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 898
Application | | 1
Application | | 1
Application | | 1
Os | | 1
Os | | 1
Os | | 1
Os | | 2
Os | | 1
Os | | 4

Snort® IPS/IDS

Date Description
2018-03-23 NTP crypto-NAK denial of service attempt
RuleID : 45693 - Revision : 3 - Type : SERVER-OTHER
2017-12-13 NTP crypto-NAK denial of service attempt
RuleID : 44756 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2017-07-10 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1125.nasl - Type : ACT_GATHER_INFO
2017-07-10 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1124.nasl - Type : ACT_GATHER_INFO
2017-04-04 Name : The remote AIX host has a version of NTP installed that is affected by multip...
File : aix_ntp_v4_advisory7.nasl - Type : ACT_GATHER_INFO
2016-12-21 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL82644737.nasl - Type : ACT_GATHER_INFO
2016-12-21 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL64505405.nasl - Type : ACT_GATHER_INFO
2016-12-21 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL03331206.nasl - Type : ACT_GATHER_INFO
2016-10-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3096-1.nasl - Type : ACT_GATHER_INFO
2016-09-08 Name : The remote AIX host is missing a security patch.
File : aix_IV87939.nasl - Type : ACT_GATHER_INFO
2016-09-08 Name : The remote AIX host is missing a security patch.
File : aix_IV87615.nasl - Type : ACT_GATHER_INFO
2016-09-08 Name : The remote AIX host is missing a security patch.
File : aix_IV87614.nasl - Type : ACT_GATHER_INFO
2016-09-08 Name : The remote AIX host is missing a security patch.
File : aix_IV87420.nasl - Type : ACT_GATHER_INFO
2016-09-08 Name : The remote AIX host is missing a security patch.
File : aix_IV87419.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1602-1.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1912-1.nasl - Type : ACT_GATHER_INFO
2016-08-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7cfcea05600a11e6a6c314dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-08-02 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-727.nasl - Type : ACT_GATHER_INFO
2016-07-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201607-15.nasl - Type : ACT_GATHER_INFO
2016-07-15 Name : The remote Fedora host is missing a security update.
File : fedora_2016-c3bd6a3496.nasl - Type : ACT_GATHER_INFO
2016-07-15 Name : The remote Fedora host is missing a security update.
File : fedora_2016-89e0874533.nasl - Type : ACT_GATHER_INFO
2016-07-14 Name : The remote Fedora host is missing a security update.
File : fedora_2016-50b0066b7f.nasl - Type : ACT_GATHER_INFO
2016-06-21 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-750.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1584-1.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1568-1.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1563-1.nasl - Type : ACT_GATHER_INFO
2016-06-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-727.nasl - Type : ACT_GATHER_INFO
2016-06-08 Name : The remote NTP server is affected by multiple vulnerabilities.
File : ntp_4_2_8p8.nasl - Type : ACT_GATHER_INFO
2016-06-06 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-155-01.nasl - Type : ACT_GATHER_INFO
2016-02-10 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-649.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2017-04-05 13:24:58
  • Multiple Updates
2016-07-06 00:31:04
  • Multiple Updates
2016-07-05 09:32:53
  • Multiple Updates
2016-06-09 13:27:01
  • Multiple Updates
2016-06-02 21:24:20
  • First insertion