The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Severity of this weakness: 3/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 22/10/2015.
Références of this bulletin: 045915, ARUBA-PSA-2015-010, BSA-2016-004, BSA-2016-005, bulletinjan2016, c05270839, CERTFR-2015-AVI-449, CERTFR-2018-AVI-545, cisco-sa-20151021-ntp, CVE-2015-5196-REJECT, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, DSA-3388-1, FEDORA-2015-77bfbc1bcd, FEDORA-2016-34bc10a2c8, FreeBSD-SA-15:25.ntp, HPSBHF03646, JSA10711, JSA10898, NetBSD-SA2016-001, ntp_advisory4, openSUSE-SU-2015:2016-1, openSUSE-SU-2016:1423-1, RHSA-2015:1930-01, RHSA-2015:2520-01, RHSA-2016:0780-01, RHSA-2016:2583-02, SA103, SB10164, SOL10600056, SOL17515, SOL17516, SOL17517, SOL17518, SOL17521, SOL17522, SOL17524, SOL17525, SOL17526, SOL17527, SOL17528, SOL17529, SOL17530, SOL17566, SSA:2015-302-03, SSA-396873, SSA-472334, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, Synology-SA-18:13, Synology-SA-18:14, TALOS-2015-0052, TALOS-2015-0054, TALOS-2015-0055, TALOS-2015-0062, TALOS-2015-0063, TALOS-2015-0064, TALOS-2015-0065, TALOS-2015-0069, USN-2783-1, VIGILANCE-VUL-18162, VN-2015-009.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can bypass the authentication in crypto-NAK, in order to escalate his privileges. [severity:3/4; CVE-2015-7871, TALOS-2015-0069]

An attacker can trigger a fatal error in decodenetnum, in order to trigger a denial of service. [severity:2/4; CVE-2015-7855]

An attacker can generate a buffer overflow in Password, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7854, TALOS-2015-0065]

An attacker can generate a buffer overflow in refclock, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7853, TALOS-2015-0064]

An attacker can generate a memory corruption in atoascii, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7852, TALOS-2015-0063]

An attacker can traverse directories in saveconfig, in order to read a file outside the root path. [severity:2/4; CVE-2015-7851, TALOS-2015-0062]

An attacker can trigger a fatal error in logfile-keyfile, in order to trigger a denial of service. [severity:2/4; CVE-2015-7850, TALOS-2015-0055]

An attacker can force the usage of a freed memory area in Trusted Key, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7849, TALOS-2015-0054]

An attacker can force a read at an invalid address with a Mode packet, in order to trigger a denial of service. [severity:2/4; CVE-2015-7848, TALOS-2015-0052]

An attacker can create a memory leak in CRYPTO_ASSOC, in order to trigger a denial of service. [severity:2/4; CVE-2015-7701]

An authenticated attacker can use pidfile/driftfile, to corrupt a file with its privileges (VIGILANCE-VUL-17747). [severity:2/4; CVE-2015-5196-REJECT, CVE-2015-7703]

An attacker can trigger a fatal error in the ntp client, in order to trigger a denial of service. [severity:2/4; CVE-2015-7704]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2015-7705]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7691]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7692]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7702]
Full Vigil@nce bulletin... (Request your free trial)

This computer vulnerability announce impacts software or systems such as ArubaOS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Unity Cisco, Debian, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 16 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this threat alert.

Solutions for this threat

NTP.org: version ntp-4.2.8p4.
The version ntp-4.2.8p4 is fixed:
  http://support.ntp.org/bin/view/Main/SoftwareDownloads

ArubaOS: versions 6.3.1.20, 6.4.2.14, 6.4.3.6 and 6.4.4.3.
Versions 6.3.1.20, 6.4.2.14, 6.4.3.6 and 6.4.4.3 are fixed:
  http://support.arubanetworks.com/

Blue Coat Content Analysis System: version 1.3.6.1 for CVE-2015-7704.
The version 1.3.6.1 fixes CVE-2015-7704 only.

Brocade: solution for multiples vulnerabilities (13/04/2016).
The solution is indicated in information sources.

Brocade: solution for multiple vulnerabilities (04/04/2016).
The following versions fix several vulnerabilities (but not CVE-2016-0705):
  Brocade Network Advisor : install version 12.4.2 or 14.0.1.
  Brocade vTM : install version 9.9r1 or 10.3r1.
The detailled solution is indicated in information sources.

Cisco: solution for NTP.org.
The solution is indicated in information sources.

Debian: new ntp packages.
New packages are available:
  Debian 7: ntp 1:4.2.6.p5+dfsg-2+deb7u6
  Debian 8: ntp 1:4.2.6.p5+dfsg-7+deb8u1

Extreme Networks: solution for NTP.
The solution is indicated in information sources.

F5 BIG-IP: fixed versions for NTP.
Fixed versions are indicated in information sources.

Fedora 21: new ntp packages.
New packages are available:
  Fedora 21: ntp 4.2.6p5-34.fc21

Fedora 22: new ntp packages.
New packages are available:
  Fedora 22: ntp 4.2.6p5-36.fc22

FreeBSD: patch for ntpd.
A patch is indicated in information sources.

HP Comware Switch: solution for NTP.
The solution is indicated in information sources.

IBM AIX: patch for ntp.
A patch is available:
  https://aix.software.ibm.com/aix/efixes/security/ntp_fix4.tar

Junos OS: fixed versions for NTP.
Fixed versions are indicated in information sources.

Junos: workaround for NTP.org.
A workaround is indicated in the information source.

McAfee Web Gateway: versions 7.5.2.9 and 7.6.2.1.
Versions 7.5.2.9 and 7.6.2.1 are fixed:
  https://kc.mcafee.com/corporate/index?page=content&id=KB56057

Meinberg NTP Server: solution.
The solution is indicated in information sources.

NetBSD: patch for ntp.
A patch is indicated in information sources.

openSUSE 13.2: new ntp packages.
New packages are available:
  openSUSE 13.2: ntp 4.2.8p7-25.15.1

openSUSE Leap 42.1: new ntp packages.
New packages are available:
  openSUSE Leap 42.1: ntp 4.2.8p4-9.2

pfSense: version 2.2.5.
The version 2.2.5 is fixed:
  https://pfsense.org/download/

RHEL 6: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-10.el6

RHEL 7: new ntp packages.
New packages are available:
  RHEL 7: ntp 4.2.6p5-25.el7

RHEL: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-5.el6_7.2
  RHEL 7: ntp 4.2.6p5-19.el7_1.3

Ruggedcom ROX: version 2.9.0.
The version 2.9.0 is fixed:
  http://www.siemens.com/automation/support-request

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8p4-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8p4-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8p4-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8p4-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8p4-*-1_slack14.1

Solaris: patch for Third Party 03/2016.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Spectracom SecureSync: solution for NTP.org 4.2.8p4.
The solution is indicated in information sources.

SUSE LE 10 SP4: new ntp packages.
New packages are available:
  SUSE LE 10 SP4: ntp 4.2.8p8-0.7.1

SUSE LE 10 SP4: new yast2-ntp-client packages.
New packages are available:
  SUSE LE 10 SP4: yast2-ntp-client 2.13.18-0.20.1

SUSE LE 11 SP2/3: new ntp packages.
New packages are available:
  SUSE LE 11 SP2: ntp 4.2.8p6-41.1
  SUSE LE 11 SP3: ntp 4.2.8p6-41.1

Synology DSM: solution for NTP.
The solution is indicated in information sources.

Synology: version 6.1.6-15266.
The version 6.1.6-15266 is fixed:
  https://www.synology.com/

Ubuntu: new ntp packages.
New packages are available:
  Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1
  Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
  Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6

Wind River VxWorks: solution for NTP.
The solution is indicated in information sources.
Full Vigil@nce bulletin... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a network vulnerability note. The Vigil@nce vulnerability database contains several thousand vulnerabilities.