The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NTP.org: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of NTP.org.
Vulnerable systems: Blue Coat CAS, Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Unity Cisco, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Security Directory Server, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity of this threat: 2/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 21/11/2016.
Références of this weakness: 2009389, bulletinoct2016, CERTFR-2017-AVI-090, cisco-sa-20161123-ntpd, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312, FEDORA-2016-7209ab4e02, FEDORA-2016-c198d15316, FEDORA-2016-e8a8561ee7, FreeBSD-SA-16:39.ntp, HPESBHF03883, HPESBUX03706, HPESBUX03885, JSA10776, JSA10796, K51444934, K55405388, K87922456, MBGSA-1605, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2016:3280-1, pfSense-SA-17_03.webgui, RHSA-2017:0252-01, SA139, SSA:2016-326-01, TALOS-2016-0130, TALOS-2016-0131, TALOS-2016-0203, TALOS-2016-0204, USN-3349-1, VIGILANCE-VUL-21170, VU#633847.

Description of the vulnerability 

Several vulnerabilities were announced in NTP.org.

An attacker can force an assertion error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]

An attacker can bypass security features via Mode 6, in order to obtain sensitive information. [severity:2/4; CVE-2016-9310, TALOS-2016-0203]

An attacker can trigger a fatal error via Broadcast Mode Replay, in order to trigger a denial of service. [severity:2/4; CVE-2016-7427, TALOS-2016-0131]

An attacker can trigger a fatal error via Broadcast Mode Poll Interval, in order to trigger a denial of service. [severity:2/4; CVE-2016-7428, TALOS-2016-0130]

An attacker can send malicious UDP packets, in order to trigger a denial of service on Windows. [severity:2/4; CVE-2016-9312]

An unknown vulnerability was announced via Zero Origin Timestamp. [severity:2/4; CVE-2016-7431]

An attacker can force a NULL pointer to be dereferenced via _IO_str_init_static_internal(), in order to trigger a denial of service. [severity:2/4; CVE-2016-7434]

An unknown vulnerability was announced via Interface selection. [severity:2/4; CVE-2016-7429]

An attacker can trigger a fatal error via Client Rate Limiting, in order to trigger a denial of service. [severity:2/4; CVE-2016-7426]

An unknown vulnerability was announced via Reboot Sync. [severity:2/4; CVE-2016-7433]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness note impacts software or systems such as Blue Coat CAS, Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Unity Cisco, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Security Directory Server, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.

Our Vigil@nce team determined that the severity of this threat note is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 10 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a beginner ability can exploit this computer weakness.

Solutions for this threat 

NTP.org: version 4.2.8p9.
The version 4.2.8p9 is fixed:
  https://www.ntp.org/

Blue Coat: solution for NTP.
Content Analysis 2.2.1.1 is fixed.

Cisco: solution for NTP.
The solution is indicated in information sources.

F5 BIG-IP: fixed versions for NTP.
Fixed versions are indicated in information sources.

Fedora: new ntp packages.
New packages are available:
  Fedora 23: ntp 4.2.6p5-43.fc23
  Fedora 24: ntp 4.2.6p5-43.fc24
  Fedora 25: ntp 4.2.6p5-43.fc25

FreeBSD: patch for ntp.
A patch is available:
  https://security.FreeBSD.org/patches/SA-16:39/ntp-11.0.patch
  https://security.FreeBSD.org/patches/SA-16:39/ntp-10.x.patch
  https://security.FreeBSD.org/patches/SA-16:39/ntp-9.3.patch

HPE Comware: solution for NTP.
The solution is indicated in information sources.

HP-UX ntp: version C.4.2.8.2.0.
The version C.4.2.8.2.0 is fixed:
  https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-NTP

IBM AIX: patch for NTP.
A patch is indicated in information sources for each combination of NTP version and AIX version.

IBM Security Directory Suite: version 8.0.1.4.
The version 8.0.1.4 is fixed.

Junos: fixed versions for NTP.
Fixed versions are indicated in information sources.

Junos Space: solution for NTP.
The solution is indicated in information sources.

Meinberg NTP Server: version ntp-4.2.8p9.
The version ntp-4.2.8p9 is fixed:
  https://www.meinbergglobal.com/download/ntp/windows/ntp-4.2.8p9-win32-setup.exe

NetApp Data ONTAP: version 8.2.5 (13/03/2017).
See VIGILANCE-SOL-56869.

NetApp Data ONTAP: version 8.2.5 (19/01/2018).
The version 8.2.5 is fixed:
  http://mysupport.netapp.com/NOW/download/software/ontap/8.2.5/

openSUSE Leap: new ntp packages.
New packages are available:
  openSUSE Leap 42.1: ntp 4.2.8p9-27.1
  openSUSE Leap 42.2: ntp 4.2.8p9-27.1

pfSense: version 2.3.3.
The version 2.3.3 is fixed:
  https://www.pfsense.org/download/

RHEL: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-10.el6_8.2
  RHEL 7: ntp 4.2.6p5-25.el7_3.1

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8p9-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8p9-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8p9-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8p9-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8p9-*-1_slack14.1
  Slackware 14.2: ntp 4.2.8p9-*-1_slack14.2

Solaris: patch for third party software of October 2016 v5.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Synology DSM: version 6.0.2-8451-5.
The version 6.0.2-8451-5 is fixed.

Ubuntu: new ntp packages (06/07/2017).
New packages are available:
  Ubuntu 17.04: ntp 1:4.2.8p9+dfsg-2ubuntu1.1
  Ubuntu 16.10: ntp 1:4.2.8p8+dfsg-1ubuntu2.1
  Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.5
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides applications vulnerabilities alerts. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.