The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NTP.org: altering time via Small-step/Big-step

Synthesis of the vulnerability 

An attacker can act as a Man-in-the-Middle of NTP.org, in order to change the client time.
Impacted systems: CheckPoint IP Appliance, IPSO, XenServer, Fedora, FreeBSD, AIX, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this alert: 2/4.
Creation date: 08/01/2016.
Références of this alert: 2956, bulletinjan2016, CTX220112, CVE-2015-5300, FEDORA-2016-34bc10a2c8, FreeBSD-SA-16:02.ntp, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, sk109942, SSA:2016-054-04, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, VIGILANCE-VUL-18665.

Description of the vulnerability 

The ntpd daemon of NTP.org manages the local time by receiving information from several time servers with upper stratum.

However, if an attacker acts as a Man-in-the-Middle, and sends invalid information to NTP.org, the daemon restarts. Then, during the restart, the attacker can continue to spoof upper time servers, to change the time. If ntpd is started without the "-g" option, the time change is limited to 900 seconds.

An attacker can therefore act as a Man-in-the-Middle of NTP.org, in order to change the client time.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat note impacts software or systems such as CheckPoint IP Appliance, IPSO, XenServer, Fedora, FreeBSD, AIX, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity note is medium.

The trust level is of type confirmed by the editor, with an origin of internet server.

An attacker with a expert ability can exploit this vulnerability note.

Solutions for this threat 

NTP.org: version 4.2.8p5.
The version 4.2.8p5 is fixed:
  http://support.ntp.org/bin/view/Main/SoftwareDownloads

AIX: patch for NTP.
A patch is indicated in information sources.

Check Point IPSO: solution for NTP.
The solution is indicated in information sources.

Citrix XenServer: solution.
The solution is indicated in information sources.

Fedora 22: new ntp packages.
New packages are available:
  Fedora 22: ntp 4.2.6p5-36.fc22

FreeBSD: patch for ntp.
A patch is available:
  https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch
  https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch

Meinberg NTP Server: solution.
The solution is indicated in information sources.

openSUSE 13.2: new ntp packages.
New packages are available:
  openSUSE 13.2: ntp 4.2.8p7-25.15.1

openSUSE Leap 42.1: new ntp packages.
New packages are available:
  openSUSE Leap 42.1: ntp 4.2.8p6-15.1

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8p6-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8p6-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8p6-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8p6-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8p6-*-1_slack14.1

Solaris: patch for Third Party 03/2016.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 10 SP4: new ntp packages.
New packages are available:
  SUSE LE 10 SP4: ntp 4.2.8p8-0.7.1

SUSE LE 10 SP4: new yast2-ntp-client packages.
New packages are available:
  SUSE LE 10 SP4: yast2-ntp-client 2.13.18-0.20.1

SUSE LE 11 SP2/3: new ntp packages.
New packages are available:
  SUSE LE 11 SP2: ntp 4.2.8p6-41.1
  SUSE LE 11 SP3: ntp 4.2.8p6-41.1

SUSE LE: new ntp packages.
New packages are available:
  SUSE LE 11 SP4: ntp 4.2.8p7-11.1, ntp 4.2.8p6-8.2
  SUSE LE 12 RTM: ntp 4.2.8p6-46.5.2
  SUSE LE 12 SP1: ntp 4.2.8p6-8.2
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability patches. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.