The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

security announce CVE-2015-7704 CVE-2015-8138 CVE-2016-1547

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Severity of this announce: 2/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 27/04/2016.
Références of this computer vulnerability: bulletinapr2016, bulletinapr2019, c05270839, CERTFR-2016-AVI-153, CERTFR-2017-AVI-365, CERTFR-2018-AVI-545, cisco-sa-20160428-ntpd, cpujan2018, CTX220112, CVE-2015-7704, CVE-2015-8138, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, DLA-559-1, DSA-3629-1, FEDORA-2016-5b2eb0bf9c, FEDORA-2016-777d838c1b, FEDORA-2018-70c191d84a, FEDORA-2018-de113aeac6, FreeBSD-SA-16:16.ntp, HPESBHF03750, HPSBHF03646, JSA10776, JSA10796, JSA10824, JSA10826, JSA10898, K11251130, K20804323, K24613253, K43205719, K63675293, MBGSA-1602, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, openSUSE-SU-2018:0970-1, PAN-SA-2016-0019, RHSA-2016:1141-01, RHSA-2016:1552-01, SB10164, SOL11251130, SOL20804323, SOL24613253, SOL41613034, SOL43205719, SOL45427159, SOL61200338, SOL63675293, SSA:2016-120-01, STORM-2016-003, STORM-2016-004, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, SUSE-SU-2018:1464-1, SUSE-SU-2018:1765-1, Synology-SA-18:13, Synology-SA-18:14, TALOS-2016-0081, TALOS-2016-0082, TALOS-2016-0083, TALOS-2016-0084, TALOS-2016-0132, USN-3096-1, USN-3349-1, VIGILANCE-VUL-19477, VU#718152.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

The ntpd daemon can on certain systems accept packets from 127.0.0.0/8. [severity:1/4; CVE-2016-1551, TALOS-2016-0132]

An attacker can use a Sybil attack, in order to alter the system clock. [severity:2/4; CVE-2016-1549, TALOS-2016-0083]

An attacker can force an assertion error with duplicate IP, in order to trigger a denial of service. [severity:2/4; CVE-2016-2516]

An attacker can trigger an error in the management of trustedkey/requestkey/controlkey, in order to trigger a denial of service. [severity:2/4; CVE-2016-2517]

An attacker can force a read at an invalid address in MATCH_ASSOC, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-2518]

An attacker can trigger a fatal error in ctl_getitem(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2519]

An attacker can send a malicious CRYPTO-NAK packet, in order to trigger a denial of service. [severity:2/4; CVE-2016-1547, TALOS-2016-0081]

An attacker can use Interleave-pivot, in order to alter a client time. [severity:2/4; CVE-2016-1548, TALOS-2016-0082]

An attacker can trigger a fatal error in the ntp client, in order to trigger a denial of service. [severity:2/4; CVE-2015-7704]

The Zero Origin Timestamp value is not correctly checked. [severity:2/4; CVE-2015-8138]

An attacker can measure the comparison execution time, in order to guess a hash. [severity:2/4; CVE-2016-1550, TALOS-2016-0084]
Full Vigil@nce bulletin... (Free trial)

This threat impacts software or systems such as SNS, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco Unity ~ precise, XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.

Our Vigil@nce team determined that the severity of this computer threat is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 11 vulnerabilities.

An attacker with a expert ability can exploit this cybersecurity bulletin.

Solutions for this threat

NTP.org: version 4.2.8p7.
The version 4.2.8p7 is fixed:
  http://www.ntp.org/

AIX: patch for NTP (07/09/2016).
A patch is available:
  https://aix.software.ibm.com/aix/efixes/security/ntp_fix7.tar

AIX: patch for NTP (16/08/2018).
A patch is indicated in information sources.

Cisco: solution for NTP.
The solution is indicated in information sources.

Citrix XenServer: solution.
The solution is indicated in information sources.

Debian: new ntp packages.
New packages are available:
  Debian 7: ntp 1:4.2.6.p5+dfsg-2+deb7u7
  Debian 8: ntp 1:4.2.6.p5+dfsg-7+deb8u2

F5 BIG-IP: solution for NTP.
The solution is indicated in information sources.

Fedora: new ntp packages (11/05/2016).
New packages are available:
  Fedora 22: ntp 4.2.6p5-40.fc22
  Fedora 23: ntp 4.2.6p5-40.fc23

Fedora: new ntp packages (28/03/2018).
New packages are available:
  Fedora 26: ntp 4.2.8p11-1.fc26
  Fedora 27: ntp 4.2.8p11-1.fc27

FreeBSD: patch for ntp.
A patch is available:
  https://security.FreeBSD.org/patches/SA-16:16/ntp.patch

HP Comware: solution for NTP.
The solution is indicated in information sources.

HP Comware Switch: solution for NTP.
The solution is indicated in information sources.

Juniper Junos Space: solution.
The solution is indicated in information sources.

Junos: fixed versions for NTP.
Fixed versions are indicated in information sources.

Junos OS: fixed versions for NTP.
Fixed versions are indicated in information sources.

Junos Space: solution for NTP.
The solution is indicated in information sources.

McAfee Web Gateway: versions 7.5.2.9 and 7.6.2.1.
Versions 7.5.2.9 and 7.6.2.1 are fixed:
  https://kc.mcafee.com/corporate/index?page=content&id=KB56057

Meinberg: solution for NTP and OpenSSL.
The solution is indicated in information sources.

openSUSE 13.2: new ntp packages.
New packages are available:
  openSUSE 13.2: ntp 4.2.8p7-25.15.1

openSUSE Leap 42.1: new ntp packages.
New packages are available:
  openSUSE Leap 42.1: ntp 4.2.8p6-15.1

openSUSE Leap 42.3: new ntp packages (17/04/2018).
New packages are available:
  openSUSE Leap 42.3: ntp 4.2.8p11-31.3.1

Oracle Communications: CPU of January 2018.
A Critical Patch Update is available:
  http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Oracle Solaris: patch for third party software of April 2019 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

PAN-OS: versions 5.0.20, 5.1.13, 6.0.15, 6.1.13, 7.0.9 and 7.1.4.
Versions 5.0.20, 5.1.13, 6.0.15, 6.1.13, 7.0.9 and 7.1.4 are fixed.

pfSense: version 2.3 Update 1.
The version 2.3 Update 1 is fixed.

RHEL 6.7: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-5.el6_7.5

RHEL: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-10.el6.1
  RHEL 7: ntp 4.2.6p5-22.el7_2.2

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8p7-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8p7-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8p7-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8p7-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8p7-*-1_slack14.1

Solaris: patch for third party software April 2016 v6.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Stormshield Network Security: version 2.5.0.
The version 2.5.0 is fixed:
  https://www.stormshield.eu/

SUSE LE 10 SP4: new ntp packages.
New packages are available:
  SUSE LE 10 SP4: ntp 4.2.8p8-0.7.1

SUSE LE 10 SP4: new yast2-ntp-client packages.
New packages are available:
  SUSE LE 10 SP4: yast2-ntp-client 2.13.18-0.20.1

SUSE LE 11 SP2/3: new ntp packages.
New packages are available:
  SUSE LE 11 SP2: ntp 4.2.8p6-41.1
  SUSE LE 11 SP3: ntp 4.2.8p6-41.1

SUSE LE 12: new ntp packages.
New packages are available:
  SUSE LE 12 SP1: ntp 4.2.8p11-64.5.1
  SUSE LE 12 SP2: ntp 4.2.8p11-64.5.1
  SUSE LE 12 SP3: ntp 4.2.8p11-64.5.1

SUSE LE 12 RTM: new ntp packages.
New packages are available:
  SUSE LE 12 RTM: ntp 4.2.8p11-46.26.2

SUSE LE: new ntp packages.
New packages are available:
  SUSE LE 11 SP4: ntp 4.2.8p7-11.1, ntp 4.2.8p6-8.2
  SUSE LE 12 RTM: ntp 4.2.8p6-46.5.2
  SUSE LE 12 SP1: ntp 4.2.8p6-8.2

Synology DSM: solution for NTP.
The solution is indicated in information sources.

Synology DS/RS: version 5.2-5967-1.
The version 5.2-5967-1 is fixed:
  https://www.synology.com/

Synology DS/RS: version 6.0-7321-6.
The version 6.0-7321-6 is fixed:
  https://www.synology.com/

Synology: version 6.1.6-15266.
The version 6.1.6-15266 is fixed:
  https://www.synology.com/

Ubuntu: new ntp packages (06/07/2017).
New packages are available:
  Ubuntu 17.04: ntp 1:4.2.8p9+dfsg-2ubuntu1.1
  Ubuntu 16.10: ntp 1:4.2.8p8+dfsg-1ubuntu2.1
  Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.5
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11

Ubuntu: new ntp packages (06/10/2016).
New packages are available:
  Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
  Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides an application vulnerability alert. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.