The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NTP.org: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of NTP.org.
Vulnerable software: SNS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this announcement: 2/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 21/01/2016.
References of this computer vulnerability: BSA-2016-005, BSA-2016-006, CERTFR-2016-AVI-045, CERTFR-2021-AVI-442, cisco-sa-20160127-ntpd, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, DLA-559-1, DSA-3629-1, FEDORA-2016-34bc10a2c8, FEDORA-2016-89e0874533, FEDORA-2016-8bb1932088, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:09.ntp, HPESBHF03750, JSA10776, JSA10796, K00329831, K01324833, K06288381, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, PAN-SA-2016-0019, RHSA-2016:0063-01, RHSA-2016:0780-01, RHSA-2016:1552-01, RHSA-2016:2583-02, SA113, SOL00329831, SOL01324833, SOL05046514, SOL06288381, SOL13304944, SOL21230183, SOL32790144, SOL71245322, SOL74363721, SSA:2016-054-04, SSA-211752, STORM-2016-003, STORM-2016-004, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-18787.

Description of the vulnerability 

Several vulnerabilities were announced in NTP.org.

An attacker can generate an infinite loop in ntpq, in order to trigger a denial of service. [severity:2/4; CVE-2015-8158]

The Zero Origin Timestamp value is not correctly checked. [severity:2/4; CVE-2015-8138]

An attacker can trigger a fatal error in Authenticated Broadcast Mode, in order to trigger a denial of service. [severity:2/4; CVE-2015-7979]

An attacker can trigger a fatal error in Recursive Traversal, in order to trigger a denial of service. [severity:2/4; CVE-2015-7978]

An attacker can force a NULL pointer to be dereferenced in reslist, in order to trigger a denial of service. [severity:2/4; CVE-2015-7977]

An attacker can use a filename with special characters in the "ntpq saveconfig" command. [severity:2/4; CVE-2015-7976]

An attacker can generate a buffer overflow in nextvar(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-7975]

An attacker can bypass security features in Skeleton Key, in order to escalate his privileges. [severity:2/4; CVE-2015-7974]

An attacker can use a replay attack against Deja Vu. [severity:2/4; CVE-2015-7973]

An attacker can use a replay attack against ntpq. [severity:2/4; CVE-2015-8140]

An attacker can bypass security features in ntpq and ntpdc, in order to obtain sensitive information. [severity:2/4; CVE-2015-8139]

Our Vigil@nce team determined that the severity of this computer weakness bulletin is medium.

The trust level is "confirmed by the editor", and the origin of the attack is "internet client".

This bulletin is about 11 vulnerabilities.

An attacker with an expert ability can exploit this security note.

Solutions for this threat 

NTP.org: version 4.2.8p6.
The version 4.2.8p6 is fixed:
  http://support.ntp.org/bin/view/Main/SoftwareDownloads

Blue Coat CAS: version 1.3.6.1 for NTP.
The version 1.3.6.1 fixes CVE-2015-5300/CVE-2015-8138 only.

Brocade: solution for multiple vulnerabilities (13/04/2016).
The solution is indicated in information sources.

Brocade: solution for Multiple Vulnerabilities.
The solution is indicated in information sources.

Cisco ASA, Prime Security Manager: solution CSCux95174.
The solution CSCux95174 is available:
  https://tools.cisco.com/bugsearch/bug/CSCux95174
  https://tools.cisco.com/quickview/bug/CSCux95174

Cisco IOS XR: solution CSCux95128.
The solution CSCux95128 is available:
  https://tools.cisco.com/bugsearch/bug/CSCux95128
  https://tools.cisco.com/quickview/bug/CSCux95128

Cisco: solution for NTP.
The solution is indicated in information sources.

Cisco Unified Communications Manager: solution CSCux95217.
The solution CSCux95217 is available:
  https://tools.cisco.com/bugsearch/bug/CSCux95217
  https://tools.cisco.com/quickview/bug/CSCux95217

Debian: new ntp packages.
New packages are available:
  Debian 7: ntp 1:4.2.6.p5+dfsg-2+deb7u7
  Debian 8: ntp 1:4.2.6.p5+dfsg-7+deb8u2

F5 BIG-IP: fixed versions for NTP.
Fixed versions are indicated in information sources.

Fedora 22: new ntp packages.
New packages are available:
  Fedora 22: ntp 4.2.6p5-36.fc22

Fedora 23: new ntp packages.
New packages are available:
  Fedora 23: ntp 4.2.6p5-36.fc23

Fedora: new ntp packages.
New packages are available:
  Fedora 23: ntp 4.2.6p5-41.fc23
  Fedora 22: ntp 4.2.6p5-41.fc22

FreeBSD: patch for ntp.
A patch is available:
  https://security.FreeBSD.org/patches/SA-16:09/ntp.patch

HP Comware: solution for NTP.
The solution is indicated in information sources.

IBM AIX: patch for NTP.
A patch is available:
  https://aix.software.ibm.com/aix/efixes/security/ntp_fix6.tar

Junos: fixed versions for NTP.
Fixed versions are indicated in information sources.

Junos Space: solution for NTP.
The solution is indicated in information sources.

openSUSE 13.2: new ntp packages.
New packages are available:
  openSUSE 13.2: ntp 4.2.8p7-25.15.1

openSUSE Leap 42.1: new ntp packages.
New packages are available:
  openSUSE Leap 42.1: ntp 4.2.8p6-15.1

PAN-OS: versions 5.0.20, 5.1.13, 6.0.15, 6.1.13, 7.0.9 and 7.1.4.
Versions 5.0.20, 5.1.13, 6.0.15, 6.1.13, 7.0.9 and 7.1.4 are fixed.

RHEL 6.7: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-5.el6_7.5

RHEL 6: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-10.el6

RHEL 7: new ntp packages.
New packages are available:
  RHEL 7: ntp 4.2.6p5-25.el7

RHEL: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-5.el6_7.4
  RHEL 7: ntp 4.2.6p5-22.el7_2.1

SIMATIC NET CP 443-1 OPC UA: fixed versions for NTP.
Fixed versions are indicated in information sources.

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8p6-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8p6-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8p6-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8p6-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8p6-*-1_slack14.1

Stormshield Network Security: version 2.5.0.
The version 2.5.0 is fixed:
  https://www.stormshield.eu/

SUSE LE 10 SP4: new ntp packages.
New packages are available:
  SUSE LE 10 SP4: ntp 4.2.8p8-0.7.1

SUSE LE 10 SP4: new yast2-ntp-client packages.
New packages are available:
  SUSE LE 10 SP4: yast2-ntp-client 2.13.18-0.20.1

SUSE LE 11 SP2/3: new ntp packages.
New packages are available:
  SUSE LE 11 SP2: ntp 4.2.8p6-41.1
  SUSE LE 11 SP3: ntp 4.2.8p6-41.1

SUSE LE: new ntp packages.
New packages are available:
  SUSE LE 11 SP4: ntp 4.2.8p7-11.1, ntp 4.2.8p6-8.2
  SUSE LE 12 RTM: ntp 4.2.8p6-46.5.2
  SUSE LE 12 SP1: ntp 4.2.8p6-8.2

Ubuntu: new ntp packages (06/10/2016).
New packages are available:
  Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
  Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11