Home / mailingsPDF  

[USN-3096-1] NTP vulnerabilities

Posted on 05 October 2016
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-3096-1
October 05, 2016

ntp vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in NTP.

Software Description:
- ntp: Network Time Protocol daemon and utility programs

Details:

Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to perform a repla=
y
attack. (CVE-2015-7973)

Matt Street discovered that NTP incorrectly verified peer associations of=

symmetric keys. A remote attacker could use this issue to perform an
impersonation attack. (CVE-2015-7974)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled=

memory. An attacker could possibly use this issue to cause ntpq to crash,=

resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2015-7975)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled=

dangerous characters in filenames. An attacker could possibly use this
issue to overwrite arbitrary files. (CVE-2015-7976)

Stephen Gray discovered that NTP incorrectly handled large restrict lists=
=2E
An attacker could use this issue to cause NTP to crash, resulting in a
denial of service. (CVE-2015-7977, CVE-2015-7978)

Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to cause NTP to
crash, resulting in a denial of service. (CVE-2015-7979)

Jonathan Gardner discovered that NTP incorrectly handled origin timestamp=

checks. A remote attacker could use this issue to spoof peer servers.
(CVE-2015-8138)

Jonathan Gardner discovered that the NTP ntpq utility did not properly
handle certain incorrect values. An attacker could possibly use this issu=
e
to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)

It was discovered that the NTP cronjob incorrectly cleaned up the
statistics directory. A local attacker could possibly use this to escalat=
e
privileges. (CVE-2016-0727)

Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly
validated crypto-NAKs. A remote attacker could possibly use this issue to=

prevent clients from synchronizing. (CVE-2016-1547)

Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly
handled switching to interleaved symmetric mode. A remote attacker could
possibly use this issue to prevent clients from synchronizing.
(CVE-2016-1548)

Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that
NTP incorrectly handled message authentication. A remote attacker could
possibly use this issue to recover the message digest key. (CVE-2016-1550=
)

Yihan Lian discovered that NTP incorrectly handled duplicate IPs on
unconfig directives. An authenticated remote attacker could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2016-2516)

Yihan Lian discovered that NTP incorrectly handled certail peer
associations. A remote attacker could possibly use this issue to cause NT=
P
to crash, resulting in a denial of service. (CVE-2016-2518)

Jakub Prokes discovered that NTP incorrectly handled certain spoofed
packets. A remote attacker could possibly use this issue to cause a denia=
l
of service. (CVE-2016-4954)

Miroslav Lichvar discovered that NTP incorrectly handled certain packets
when autokey is enabled. A remote attacker could possibly use this issue =
to
cause a denial of service. (CVE-2016-4955)

Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
broadcast packets. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-4956)

In the default installation, attackers would be isolated by the NTP
AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
ntp 1:4.2.8p4+dfsg-3ubuntu5.3

Ubuntu 14.04 LTS:
ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Ubuntu 12.04 LTS:
ntp 1:4.2.6.p3+dfsg-1ubuntu3.11

In general, a standard system update will make all the necessary changes.=


References:
http://www.ubuntu.com/usn/usn-3096-1
CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976,
CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138,
CVE-2015-8158, CVE-2016-0727, CVE-2016-1547, CVE-2016-1548,
CVE-2016-1550, CVE-2016-2516, CVE-2016-2518, CVE-2016-4954,
CVE-2016-4955, CVE-2016-4956

Package Information:
https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04=
=2E10
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11



--00ObhqMMJXUtvXIMWuohrOAvH6au6HD5P--

 

TOP

Mailings :

Exploits :