CERT/CC Vulnerability Note VU#321640

Overview

NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.

Description

NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below.

CRYPTO-NAK denial of service introduced in Sec 3007 patch. See Sec 3046, CVE-2016-4957. The CVSS score below describes this vulnerability.

Bad authentication demobilizes ephemeral associations. See Sec 3045, CVE-2016-4953.

Processing of spoofed server packets affects peer variables. See Sec 3044, CVE-2016-4954.

Autokey associations may be reset when repeatedly receiving spoofed packets. See Sec 3043, CVE-2016-4955.

Broadcast associations are not covered in Sec 2978 patch, which may be leveraged to flip broadcast clients into interleave mode. See Sec 3042, CVE-2016-4956.

Impact

Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.

Solution

Apply an update

The vendor has released version 4.2.8p8 to address these issues. Users are encouraged to update to the latest release. Those unable to update should consider mitigations listed in NTP's security advisory listing.

Vendor Information

321640

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

FreeBSD Project Affected

NTP Project Affected

ACCESS Unknown

AT&T Unknown

Alcatel-Lucent Unknown

Apple Unknown

Arista Networks, Inc. Unknown

Aruba Networks Unknown

Avaya, Inc. Unknown

Belkin, Inc. Unknown

Blue Coat Systems Unknown

CA Technologies Unknown

CentOS Unknown

Check Point Software Technologies Unknown

Cisco Unknown

CoreOS Unknown

D-Link Systems, Inc. Unknown

Debian GNU/Linux Unknown

DesktopBSD Unknown

DragonFly BSD Project Unknown

EMC Corporation Unknown

EfficientIP SAS Unknown

Enterasys Networks Unknown

Ericsson Unknown

Extreme Networks Unknown

F5 Networks, Inc. Unknown

Fedora Project Unknown

Force10 Networks Unknown

Gentoo Linux Unknown

Google Unknown

Hardened BSD Unknown

Hewlett Packard Enterprise Unknown

Hitachi Unknown

Huawei Technologies Unknown

IBM Corporation Unknown

Infoblox Unknown

Intel Corporation Unknown

Internet Systems Consortium Unknown

Internet Systems Consortium - DHCP Unknown

Juniper Networks Unknown

Lenovo Unknown

McAfee Unknown

Microsoft Corporation Unknown

NEC Corporation Unknown

NTPsec Unknown

NetBSD Unknown

Nokia Unknown

Nominum Unknown

OmniTI Unknown

OpenBSD Unknown

OpenDNS Unknown

Openwall GNU/*/Linux Unknown

Oracle Corporation Unknown

Peplink Unknown

Q1 Labs Unknown

QNX Software Systems Inc. Unknown

Red Hat, Inc. Unknown

SUSE Linux Unknown

SafeNet Unknown

Secure64 Software Corporation Unknown

Slackware Linux Inc. Unknown

SmoothWall Unknown

Snort Unknown

Sony Corporation Unknown

Sourcefire Unknown

Symantec Unknown

TippingPoint Technologies Inc. Unknown

Turbolinux Unknown

Ubuntu Unknown

Unisys Unknown

VMware Unknown

Wind River Unknown

dnsmasq Unknown

m0n0wall Unknown

openSUSE project Unknown

View all 75 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base	7.8	AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal	6.4	E:F/RL:OF/RC:C
Environmental	6.4	CDP:N/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

The NTP Project credits Nicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.

This document was written by Joel Land.

Other Information

CVE IDs:	CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957
Date Public:	2016-06-02
Date First Published:	2016-06-02
Date Last Updated:	2016-06-06 14:21 UTC
Document Revision:	9

Software Engineering Institute

CERT Coordination Center

NTP.org ntpd is vulnerable to denial of service and other vulnerabilities

Vulnerability Note VU#321640