The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NTP.org: five vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of NTP.org.
Vulnerable systems: Cisco ACE, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco MeetingPlace, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE, openSUSE Leap, Solaris, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity of this threat: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/06/2016.
Références of this weakness: 9010095, bulletinapr2016, CERTFR-2016-AVI-209, CERTFR-2021-AVI-442, cisco-sa-20160603-ntpd, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957, FEDORA-2016-89e0874533, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:24.ntp, hpesbhf03757, ICSA-16-175-03, K03331206, K64505405, K82644737, NTAP-20160722-0001, openSUSE-SU-2016:1583-1, openSUSE-SU-2016:1636-1, SOL03331206, SSA:2016-155-01, SSA-211752, SUSE-SU-2016:1563-1, SUSE-SU-2016:1568-1, SUSE-SU-2016:1584-1, SUSE-SU-2016:1602-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-19790, VU#321640.

Description of the vulnerability 

Several vulnerabilities were announced in NTP.org.

An attacker can force ntpd to use "interleaved" mode, in order to trigger a denial of service. [severity:1/4; CVE-2016-4956, VU#321640]

An attacker can send a spoofed CRYPTO_NAK packet, in order to trigger a denial of service. [severity:1/4; CVE-2016-4955, VU#321640]

An attacker can send spoofed packets, in order to partially corrupt the state ot the target server. [severity:1/4; CVE-2016-4954, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, in order to invalidate the cryptographic protection layer. [severity:1/4; CVE-2016-4953, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, the validity of which is wrongly checked, in order to trigger a denial of service. [severity:3/4; CVE-2016-4957, VU#321640]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability announce impacts software or systems such as Cisco ACE, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco MeetingPlace, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE, openSUSE Leap, Solaris, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is important.

The trust level is of type confirmed by the editor, with an origin of internet server.

This bulletin is about 5 vulnerabilities.

An attacker with a expert ability can exploit this threat alert.

Solutions for this threat 

NTP.org: version 4.2.8p8.
The version 4.2.8p8 is fixed:
  http://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p8.tar.gz

AIX: patch for NTP (07/09/2016).
A patch is available:
  https://aix.software.ibm.com/aix/efixes/security/ntp_fix7.tar

Cisco: solution for NTP.
The solution is indicated in information sources.

F5 BIG-IP: solution for NTP.
The solution is indicated in information sources.

Fedora: new ntp packages.
New packages are available:
  Fedora 23: ntp 4.2.6p5-41.fc23
  Fedora 22: ntp 4.2.6p5-41.fc22

FreeBSD: patch for ntp.
A patch is available:
  https://security.freebsd.org/patches/SA-16:24/ntp.patch.asc

HPE Switch Comware: fixed versions for NTP.
Fixed versions are indicated in information sources.

Meinberg NTP Server: version 4.2.8p8.
The version 4.2.8p8 is fixed:
  http://www.microsoft.com/en-us/download/details.aspx?id=29

Meinberg NTP Server: version 6.20.005.
The version 6.20.005 is fixed:
  https://www.meinbergglobal.com/english/sw/firmware.htm

NetApp Data ONTAP: solution for ntpd.
The solution is indicated in information sources.

openSUSE: new ntp packages.
New packages are available:
  openSUSE 13.2: ntp 4.2.8p8-25.18.1
  openSUSE Leap 42.1: ntp 4.2.8p8-24.1

SIMATIC NET CP 443-1 OPC UA: fixed versions for NTP.
Fixed versions are indicated in information sources.

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8p8-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8p8-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8p8-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8p8-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8p8-*-1_slack14.1

Solaris: patch for third party software April 2016 v6.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 10 SP4: new ntp packages.
New packages are available:
  SUSE LE 10 SP4: ntp 4.2.8p8-0.7.1

SUSE LE 10 SP4: new yast2-ntp-client packages.
New packages are available:
  SUSE LE 10 SP4: yast2-ntp-client 2.13.18-0.20.1

SUSE LE: new ntp packages.
New packages are available:
  SUSE LE 12 SP1: ntp 4.2.8p8-14.1
  SUSE LE 12 RTM: ntp 4.2.8p8-46.8.1
  SUSE LE 11 SP4: ntp 4.2.8p8-14.1
  SUSE LE 11 SP3: ntp 4.2.8p8-47.3
  SUSE LE 11 SP2: ntp 4.2.8p8-47.3

Synology DS/RS: version 6.0.1-7393-1.
The version 6.0.1-7393-1 is fixed:
  https://www.synology.com/

Synology NAS/DSM: workaround for NTP.
A workaround is indicated in the information source.

Ubuntu: new ntp packages (06/10/2016).
New packages are available:
  Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
  Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11

Wind River VxWorks: solution for NTP.
The solution is indicated in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides systems vulnerabilities alerts. The technology watch team tracks security threats targeting the computer system.