VuXML ID | Description |
b2487d9a-0c30-11e6-acd0-d050996490d0 | ntp -- multiple vulnerabilities
Network Time Foundation reports:
NTF's NTP Project has been notified of the following low-
and medium-severity vulnerabilities that are fixed in
ntp-4.2.8p7, released on Tuesday, 26 April 2016:
- Bug 3020 / CVE-2016-1551: Refclock impersonation
vulnerability, AKA: refclock-peering. Reported by
Matt Street and others of Cisco ASIG
- Bug 3012 / CVE-2016-1549: Sybil vulnerability:
ephemeral association attack, AKA: ntp-sybil -
MITIGATION ONLY. Reported by Matthew Van Gundy
of Cisco ASIG
- Bug 3011 / CVE-2016-2516: Duplicate IPs on
unconfig directives will cause an assertion botch.
Reported by Yihan Lian of the Cloud Security Team,
Qihoo 360
- Bug 3010 / CVE-2016-2517: Remote configuration
trustedkey/requestkey values are not properly
validated. Reported by Yihan Lian of the Cloud
Security Team, Qihoo 360
- Bug 3009 / CVE-2016-2518: Crafted addpeer with
hmode > 7 causes array wraparound with MATCH_ASSOC.
Reported by Yihan Lian of the Cloud Security Team,
Qihoo 360
- Bug 3008 / CVE-2016-2519: ctl_getitem() return
value not always checked. Reported by Yihan Lian
of the Cloud Security Team, Qihoo 360
- Bug 3007 / CVE-2016-1547: Validate crypto-NAKs,
AKA: nak-dos. Reported by Stephen Gray and
Matthew Van Gundy of Cisco ASIG
- Bug 2978 / CVE-2016-1548: Interleave-pivot -
MITIGATION ONLY. Reported by Miroslav Lichvar of
RedHat and separately by Jonathan Gardner of
Cisco ASIG.
- Bug 2952 / CVE-2015-7704: KoD fix: peer
associations were broken by the fix for
NtpBug2901, AKA: Symmetric active/passive mode
is broken. Reported by Michael Tatarinov,
NTP Project Developer Volunteer
- Bug 2945 / Bug 2901 / CVE-2015-8138: Zero
Origin Timestamp Bypass, AKA: Additional KoD Checks.
Reported by Jonathan Gardner of Cisco ASIG
- Bug 2879 / CVE-2016-1550: Improve NTP security
against buffer comparison timing attacks,
authdecrypt-timing, AKA: authdecrypt-timing.
Reported independently by Loganaden Velvindron,
and Matthew Van Gundy and Stephen Gray of
Cisco ASIG.
Discovery 2016-04-26 Entry 2016-04-27 Modified 2016-08-09 ntp
< 4.2.8p7
ntp-devel
< 4.3.92
FreeBSD
>= 10.3 lt 10.3_1
>= 10.2 lt 10.2_15
>= 10.1 lt 10.1_32
>= 9.3 lt 9.3_40
SA-16:16.ntp
CVE-2015-7704
CVE-2015-8138
CVE-2016-1547
CVE-2016-1548
CVE-2016-1549
CVE-2016-1550
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
|
591a706b-5cdc-11ea-9a0a-206a8a720317 | ntp -- Multiple vulnerabilities
nwtime.org reports:
Three ntp vulnerabilities, Depending on configuration, may have
little impact up to termination of the ntpd process.
NTP Bug 3610: Process_control() should exit earlier on short
packets. On systems that override the default and enable ntpdc
(mode 7) fuzz testing detected that a short packet will cause
ntpd to read uninitialized data.
NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable
to attack on IPv4 with highly predictable transmit timestamps. An
off-path attacker who can query time from the victim's ntp which
receives time from an unauthenticated time source must be able to
send from a spoofed IPv4 address of upstream ntp server and and
the victim must be able to process a large number of packets with
the spoofed IPv4 address of the upstream server. After eight or
more successful attacks in a row the attacker can either modify
the victim's clock by a small amount or cause ntpd to terminate.
The attack is especially effective when unusually short poll
intervals have been configured.
NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced
a bug such that a ntp can be prevented from initiating a time
volley to its peer resulting in a DoS.
All three NTP bugs may result in DoS or terimation of the ntp
daemon.
Discovery 2019-05-30 Entry 2020-03-03 FreeBSD
>= 11.3 lt 11.3_7
>= 12.1 lt 12.1_3
ntp
< 4.2.8p14
ntp-devel
<= 4.3.99_6
SA-20:09.ntp
|
af485ef4-1c58-11e8-8477-d05099c0ae8c | ntp -- multiple vulnerabilities
Network Time Foundation reports:
The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.
This release addresses five security issues in ntpd:
- LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil
vulnerability: ephemeral association attack
- INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909:
ctl_getitem(): buffer read overrun leads to undefined
behavior and information leak
- LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple
authenticated ephemeral associations
- LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved
symmetric mode cannot recover from bad state
- LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909:
Unauthenticated packet can reset authenticated interleaved
association
one security issue in ntpq:
- MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909:
ntpq:decodearr() can write beyond its buffer limit
and provides over 33 bugfixes and 32 other improvements.
Discovery 2018-02-27 Entry 2018-02-28 Modified 2018-03-14 FreeBSD
>= 11.1 lt 11.1_7
>= 10.4 lt 10.4_6
>= 10.3 lt 10.3_27
ntp
< 4.2.8p11
ntp-devel
> 0
CVE-2016-1549
CVE-2018-7182
CVE-2018-7170
CVE-2018-7184
CVE-2018-7185
CVE-2018-7183
SA-18:02.ntp
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
|
5237f5d7-c020-11e5-b397-d050996490d0 | ntp -- multiple vulnerabilities
Network Time Foundation reports:
NTF's NTP Project has been notified of the following low-
and medium-severity vulnerabilities that are fixed in
ntp-4.2.8p6, released on Tuesday, 19 January 2016:
- Bug 2948 / CVE-2015-8158: Potential Infinite Loop
in ntpq. Reported by Cisco ASIG.
- Bug 2945 / CVE-2015-8138: origin: Zero Origin
Timestamp Bypass. Reported by Cisco ASIG.
- Bug 2942 / CVE-2015-7979: Off-path Denial of
Service (DoS) attack on authenticated broadcast
mode. Reported by Cisco ASIG.
- Bug 2940 / CVE-2015-7978: Stack exhaustion in
recursive traversal of restriction list.
Reported by Cisco ASIG.
- Bug 2939 / CVE-2015-7977: reslist NULL pointer
dereference. Reported by Cisco ASIG.
- Bug 2938 / CVE-2015-7976: ntpq saveconfig command
allows dangerous characters in filenames.
Reported by Cisco ASIG.
- Bug 2937 / CVE-2015-7975: nextvar() missing length
check. Reported by Cisco ASIG.
- Bug 2936 / CVE-2015-7974: Skeleton Key: Missing
key check allows impersonation between authenticated
peers. Reported by Cisco ASIG.
- Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on
authenticated broadcast mode. Reported by Cisco ASIG.
Additionally, mitigations are published for the following
two issues:
- Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay
attacks. Reported by Cisco ASIG.
- Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc,
disclose origin. Reported by Cisco ASIG.
Discovery 2016-01-20 Entry 2016-01-21 Modified 2016-08-09 ntp
< 4.2.8p6
ntp-devel
< 4.3.90
FreeBSD
>= 10.2 lt 10.2_11
>= 10.1 lt 10.1_28
>= 9.3 lt 9.3_35
SA-16:09.ntp
CVE-2015-7973
CVE-2015-7974
CVE-2015-7975
CVE-2015-7976
CVE-2015-7977
CVE-2015-7978
CVE-2015-7979
CVE-2015-8138
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
|
8db8d62a-b08b-11e6-8eba-d050996490d0 | ntp -- multiple vulnerabilities
Network Time Foundation reports:
NTF's NTP Project is releasing ntp-4.2.8p9, which addresses:
- 1 HIGH severity vulnerability that only affects Windows
- 2 MEDIUM severity vulnerabilities
- 2 MEDIUM/LOW severity vulnerabilities
- 5 LOW severity vulnerabilities
- 28 other non-security fixes and improvements
All of the security issues in this release are listed in
VU#633847.
Discovery 2016-11-21 Entry 2016-11-22 ntp
< 4.2.8p9
ntp-devel
> 0
CVE-2016-7426
CVE-2016-7427
CVE-2016-7428
CVE-2016-7429
CVE-2016-7431
CVE-2016-7433
CVE-2016-7434
CVE-2016-9310
CVE-2016-9311
CVE-2016-9312
http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se
http://www.kb.cert.org/vuls/id/633847
|