The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of NTP.org: multiple vulnerabilities

Summary of the vulnerability

An attacker can exploit several vulnerabilities in NTP.org.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 19/12/2014.
Revision date: 17/02/2016.
References for this threat: c04554677, c04574882, c04916783, CERTFR-2014-AVI-537, CERTFR-2014-AVI-538, CERTFR-2016-AVI-148, cisco-sa-20141222-ntpd, cpuoct2016, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, DSA-3108-1, FEDORA-2014-17361, FEDORA-2014-17367, FEDORA-2014-17395, FreeBSD-SA-14:31.ntp, HPSBHF03432, HPSBPV03266, HPSBUX03240, JSA10663, MBGSA-1405, MDVSA-2015:003, MDVSA-2015:140, NetBSD-SA2015-003, openSUSE-SU-2014:1670-1, openSUSE-SU-2014:1680-1, RHSA-2014:2024-01, RHSA-2014:2025-01, RHSA-2015:0104-01, sk103825, SOL15933, SOL15934, SOL15935, SOL15936, SSA:2014-356-01, SSA-671683, SSRT101872, SUSE-SU-2014:1686-1, SUSE-SU-2014:1686-2, SUSE-SU-2014:1686-3, SUSE-SU-2014:1690-1, SUSE-SU-2015:0259-1, SUSE-SU-2015:0259-2, SUSE-SU-2015:0259-3, SUSE-SU-2015:0274-1, SUSE-SU-2015:0322-1, USN-2449-1, VIGILANCE-VUL-15867, VN-2014-005, VU#852879.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can predict the default key generated by config_auth(), in order to bypass authentication. [severity:2/4; CVE-2014-9293]

An attacker can predict the key generated by ntp-keygen, in order to decrypt sessions. [severity:2/4; CVE-2014-9294]

An attacker can trigger a buffer overflow in crypto_recv(), in order to cause a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can trigger a buffer overflow in ctl_putdata(), in order to cause a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can trigger a buffer overflow in configure(), in order to cause a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can trigger an error in receive(), which is not detected. [severity:1/4; CVE-2014-9296]

This computer threat bulletin impacts software or systems such as GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Unified CCX, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Juniper J-Series, Junos OS, Junos Space, NSMXpress, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, Oracle Communications, Solaris, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this security threat is important.

The trust level is "confirmed by the editor", and the attack origin is "intranet client".

This bulletin is about 6 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat

NTP.org: version 4.2.8.
Version 4.2.8 is fixed:
  http://www.ntp.org/downloads.html

Meinberg NTP Server: version 4.2.8.
Version 4.2.8 is fixed:
  http://www.meinbergglobal.com/english/sw/ntp.htm

AIX: patch for NTP.
A patch is available:
  ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix2.tar

Check Point: solution for NTP.
The solution is indicated in information sources. Analyses are in progress.

Cisco: solution for NTP.
The solution is indicated in information sources. Analyses are in progress.

Clearswift SECURE Email Gateway: version 3.8.5.
Version 3.8.5 is fixed:
  http://app-patches.clearswift.net/Patches/Patch3_8_5.htm

Debian: new ntp packages.
New packages are available:
  Debian 7: ntp 1:4.2.6.p5+dfsg-2+deb7u1

Extreme Networks: solution for NTP.
The solution is indicated in information sources. Analyses are in progress.

F5 BIG-IP: fixed versions for NTP.
Fixed versions are indicated in information sources.

Fedora: new ntp packages.
New packages are available:
  Fedora 19: ntp 4.2.6p5-13.fc19
  Fedora 20: ntp 4.2.6p5-19.fc20
  Fedora 21: ntp 4.2.6p5-25.fc21

FreeBSD: patch for ntp.
A patch is available:
  https://security.FreeBSD.org/patches/SA-14:31/ntp.patch

HP Switch: fixed versions for NTP.
Fixed versions are indicated in information sources.

HP Switch: solution for NTP.
The solution is indicated in information sources.

HP-UX: solution for NTP.
The solution is indicated in information sources.

Junos, NSM: solution for NTP.
A solution is indicated in the information source.

Mandriva BS2: new ntp packages.
New packages are available:
  Mandriva BS2: ntp 4.2.6p5-16.1.mbs2

Mandriva: new ntp packages.
New packages are available:
  Mandriva BS1: ntp 4.2.6p5-8.1.mbs1

NetBSD: patch for NTPd.
A patch is available in information sources.

openSUSE: new ntp packages.
New packages are available:
  openSUSE 11.4: ntp 4.2.6p3-6.28.1
  openSUSE 12.3: ntp 4.2.6p5-9.14.1
  openSUSE 13.1: ntp 4.2.6p5-15.13.1
  openSUSE 13.2: ntp 4.2.6p5-25.5.1

Oracle Communications: CPU of October 2016.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2188694.1

RHEL: new ntp packages.
New packages are available:
  RHEL 5: ntp 4.2.2p1-18.el5_11
  RHEL 6: ntp 4.2.6p5-2.el6_6
  RHEL 7: ntp 4.2.6p5-19.el7_0

Ruggedcom ROX: version 2.6.2.
Version 2.6.2 is fixed:
  http://support.automation.siemens.com/

Ruggedcom ROX: workaround for NTP.
A workaround is indicated in the information source.

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8-*-1_slack14.1

Solaris: patch for NTP.
A patch is available:
  Solaris 11.2: IDR1582.2
  Solaris 11.1: IDR1583.2
  Solaris 10 SPARC: IDR151767-01
  Solaris 10 X86: IDR151768-01

SUSE LE 10: new xntp packages.
New packages are available:
  SUSE LE 10: xntp 4.2.4p3-48.27.1

SUSE LE: new ntp packages.
New packages are available:
  SUSE LE 11: ntp 4.2.4p8-1.28.1
  SUSE LE 12: ntp 4.2.6p5-31.1

Ubuntu: new ntp packages.
New packages are available:
  Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1
  Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2
  Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2