The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NTP.org: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of NTP.org.
Impacted systems: Mac OS X, Blue Coat CAS, Broadcom Content Analysis, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity of this alert: 2/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 22/03/2017.
Revision date: 30/03/2017.
References of this alert: APPLE-SA-2017-09-25-1, bulletinapr2017, CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, DSA-2020-030, FEDORA-2017-5ebac1c112, FEDORA-2017-72323a442f, FreeBSD-SA-17:03.ntp, HT208144, K02951273, K07082049, K32262483, K-511308, K99254031, NTP-01-002, NTP-01-003, NTP-01-004, NTP-01-007, NTP-01-008, NTP-01-009, NTP-01-012, NTP-01-014, NTP-01-016, PAN-SA-2017-0022, RHSA-2017:3071-01, RHSA-2018:0855-01, SA147, SB10201, SSA:2017-112-02, TALOS-2016-0260, USN-3349-1, VIGILANCE-VUL-22217, VU#633847.

Description of the vulnerability 

Several vulnerabilities were announced in NTP.org.

An attacker can tamper with a packet timestamp, in order to cause the target's traffic to be dropped. [severity:2/4; CVE-2016-9042]

An attacker can generate a buffer overflow via ntpq, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6460, NTP-01-002]

An attacker can generate a buffer overflow via mx4200_send(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6451, NTP-01-003]

An attacker can generate a buffer overflow via ctl_put(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6458, NTP-01-004]

An attacker can generate a buffer overflow via addKeysToRegistry(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6459, NTP-01-007]

An attacker can generate a buffer overflow in the MS-Windows installer, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6452, NTP-01-008]

An attacker can define the PPSAPI_DLLS environment variable, in order to make the server run a library with high privileges. [severity:2/4; CVE-2017-6455, NTP-01-009]

An authenticated attacker can submit an invalid configuration directive, to trigger a denial of service. [severity:2/4; CVE-2017-6463, NTP-01-012]

A privileged attacker can generate a buffer overflow via datum_pts_receive(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6462, NTP-01-014]

An authenticated attacker can submit an invalid configuration directive "mode", to trigger a denial of service. [severity:2/4; CVE-2017-6464, NTP-01-016]

This vulnerability announcement impacts software or systems such as Mac OS X, Blue Coat CAS, Broadcom Content Analysis, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.

Our Vigil@nce team determined that the severity of this vulnerability alert is medium.

The trust level is "confirmed by the editor", with an origin of "document".

This bulletin is about 10 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this vulnerability.

Solutions for this threat 

NTP.org: version 4.2.8p10.
The version 4.2.8p10 is fixed:
  http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p10.tar.gz

AIX: patch for NTP.
A patch is available:
  ftp://aix.software.ibm.com/aix/efixes/security/ntp_fix9.tar
  http://aix.software.ibm.com/aix/efixes/security/ntp_fix9.tar
  https://aix.software.ibm.com/aix/efixes/security/ntp_fix9.tar

Apple macOS: version 10.13.
The version 10.13 is fixed:
  https://www.apple.com/support/downloads/

Blue Coat: solution for NTP.
The solution is indicated in information sources.

Dell EMC VNXe3200: version 3.1.11.10003441.
The version 3.1.11.10003441 is fixed:
  https://www.dell.com/support/

F5 BIG-IP: solution for NTP.
The solution is indicated in information sources.

Fedora: new ntp packages.
New packages are available:
  Fedora 24: ntp 4.2.6p5-44.fc24
  Fedora 25: ntp 4.2.6p5-44.fc25

FreeBSD: patch for ntp.
A patch is available:
  https://security.FreeBSD.org/patches/SA-17:03/ntp-11.0.patch.xz
  https://security.FreeBSD.org/patches/SA-17:03/ntp-10.3.patch.xz

McAfee Web Gateway: fixed versions for NTP.
Fixed versions are indicated in information sources.

Meinberg NTP Server: version 4.2.8p10.
The version 4.2.8p10 is fixed:
  https://www.meinbergglobal.com/download/ntp/windows/ntp-4.2.8p10-win32-setup.exe

NetBSD: version 7.1.1.
The version 7.1.1 is fixed:
  http://www.NetBSD.org/mirrors/

Oracle Solaris: patch for third party software of April 2017 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

PAN-OS: fixed versions for NTP.
Fixed versions are indicated in information sources.

pfSense: version 2.3.4.
The version 2.3.4 is fixed:
  https://www.pfsense.org/

RHEL 6.9: new ntp packages.
New packages are available:
  RHEL 6: ntp 4.2.6p5-12.el6_9.1

RHEL 7: new ntp packages.
New packages are available:
  RHEL 7: ntp 4.2.6p5-28.el7

Slackware: new ntp packages.
New packages are available:
  Slackware 13.0: ntp 4.2.8p10-*-1_slack13.0
  Slackware 13.1: ntp 4.2.8p10-*-1_slack13.1
  Slackware 13.37: ntp 4.2.8p10-*-1_slack13.37
  Slackware 14.0: ntp 4.2.8p10-*-1_slack14.0
  Slackware 14.1: ntp 4.2.8p10-*-1_slack14.1
  Slackware 14.2: ntp 4.2.8p10-*-1_slack14.2

Spectracom SecureSync: version 5.7.0.
The version 5.7.0 is fixed.

Ubuntu: new ntp packages (06/07/2017).
New packages are available:
  Ubuntu 17.04: ntp 1:4.2.8p9+dfsg-2ubuntu1.1
  Ubuntu 16.10: ntp 1:4.2.8p8+dfsg-1ubuntu2.1
  Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.5
  Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11

Wind River VxWorks: solution for NTP.
The solution is indicated in information sources.
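
Checking an installed version against the fixed releases listed above is error-prone: compared as plain text, "4.2.8p9" sorts after "4.2.8p10", and vendor packages such as the RHEL and Ubuntu ones carry the fix under an older upstream number. The following Python sketch is an added example, not part of the Vigil@nce bulletin or of NTP.org code; the function names, result labels, sample build tags and the pre-release suffix form are assumptions.

```python
import re

FIXED_UPSTREAM = "4.2.8p10"  # fixed NTP.org release named in this bulletin

# major.minor.point, optional patch level ("p10", or ".p5" as in Ubuntu's
# package names), optional pre-release suffix (assumed form: "-RC1", "-beta2").
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:\.?p(\d+))?(-(?:rc|beta)\d*)?", re.IGNORECASE
)


def parse_ntp_version(text):
    """Return a sortable tuple for the first NTP.org version found in text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no NTP version found in %r" % (text,))
    major, minor, point, patch, pre = m.groups()
    # A pre-release of pN sorts just below the final pN.
    return (int(major), int(minor), int(point), int(patch or 0), 0 if pre else 1)


def assess(version_text, vendor_package=False):
    """Classify a version string: fixed, upgrade, check-vendor-release, other-branch."""
    parsed = parse_ntp_version(version_text)
    if parsed[:2] != (4, 2):
        return "other-branch"  # the bulletin only names a fix in the 4.2 series
    if parsed >= parse_ntp_version(FIXED_UPSTREAM):
        return "fixed"
    # Vendors may backport fixes without changing the upstream number.
    return "check-vendor-release" if vendor_package else "upgrade"


if __name__ == "__main__":
    # Constructed sample strings (the build tag after "@" is made up).
    samples = [
        ("ntpd 4.2.8p9@1.0000-o", False),
        ("ntpd 4.2.8p10@1.0000-o", False),
        ("4.2.6p5-28.el7", True),             # RHEL 7 package from this bulletin
        ("1:4.2.8p4+dfsg-3ubuntu5.5", True),  # Ubuntu 16.04 package from this bulletin
    ]
    for text, vendor in samples:
        print("%-28s %s" % (text, assess(text, vendor)))
```

A "check-vendor-release" result means the package release must be compared with the vendor's fixed package listed above, using the distribution's own package tooling.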