CERT/CC Vulnerability Note VU#374268

Overview

NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.

Description

CVE-2015-1798, bug 2779:

In NTP4 installations utilizing symmetric key authentication, versions ntp-4.2.5p99 to ntp-4.2.8p1, packets with no message authentication code (MAC) are accepted as though they have a valid MAC. An attacker may be able to leverage this validation error to send packets that will be accepted by the client. The CVSS score reflects this issue.

CVE-2015-1799, bug 2781:

In NTP installations utilizing symmetric key authentication, including xntp3.3wy to version ntp-4.2.8p1, a denial of service condition is created when two peering hosts receive packets in which the originate and transmit timestamps do not match. An attacker who periodically sends such packets to both hosts can prevent synchronization.

For more information about these issues, visit NTP's security notice.

Impact

An unauthenticated attacker with network access may be able to inject packets or prevent peer synchronization among symmetrically authenticated hosts.

Solution

Apply an update

The NTP Project has released version ntp-4.2.8p2 to address these issues.

Vendor Information

374268

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Arista Networks, Inc. Affected

FreeBSD Project Affected

NTP Project Affected

EfficientIP Not Affected

ACCESS Unknown

AT&T Unknown

Alcatel-Lucent Unknown

Apple Unknown

Arch Linux Unknown

Avaya, Inc. Unknown

Barracuda Networks Unknown

Belkin, Inc. Unknown

Blue Coat Systems Unknown

Brocade Unknown

CA Technologies Unknown

CentOS Unknown

Check Point Software Technologies Unknown

Cisco Unknown

Cray Inc. Unknown

D-Link Systems, Inc. Unknown

Debian GNU/Linux Unknown

DesktopBSD Unknown

DragonFly BSD Project Unknown

EMC Corporation Unknown

Enterasys Networks Unknown

Ericsson Unknown

Extreme Networks Unknown

F5 Networks, Inc. Unknown

Fedora Project Unknown

Force10 Networks Unknown

Fortinet, Inc. Unknown

Fujitsu Unknown

Gentoo Linux Unknown

Global Technology Associates, Inc. Unknown

Hewlett-Packard Company Unknown

Hitachi Unknown

Huawei Technologies Unknown

IBM Corporation Unknown

IBM eServer Unknown

Infoblox Unknown

Intel Corporation Unknown

Intoto Unknown

Juniper Networks Unknown

Mandriva S. A. Unknown

McAfee Unknown

Microsemi Unknown

Microsoft Corporation Unknown

NEC Corporation Unknown

NetBSD Unknown

Nokia Unknown

Novell, Inc. Unknown

OmniTI Unknown

OpenBSD Unknown

Openwall GNU/*/Linux Unknown

Oracle Corporation Unknown

PC-BSD Unknown

Palo Alto Networks Unknown

Peplink Unknown

Process Software Unknown

Q1 Labs Unknown

QNX Software Systems Inc. Unknown

Quagga Unknown

Red Hat, Inc. Unknown

SUSE Linux Unknown

SafeNet Unknown

Slackware Linux Inc. Unknown

SmoothWall Unknown

Snort Unknown

Sony Corporation Unknown

Sourcefire Unknown

Stonesoft Unknown

Symantec Unknown

The SCO Group Unknown

TippingPoint Technologies Inc. Unknown

Turbolinux Unknown

Ubuntu Unknown

Unisys Unknown

VMware Unknown

Vyatta Unknown

Watchguard Technologies, Inc. Unknown

Wind River Unknown

ZyXEL Unknown

eSoft, Inc. Unknown

m0n0wall Unknown

openSUSE project Unknown

View all 85 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base	5.4	AV:A/AC:M/Au:N/C:P/I:P/A:P
Temporal	4.2	E:POC/RL:OF/RC:C
Environmental	4.2	CDP:N/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

The NTP Project credits Miroslav Lichvar of Red Hat for reporting these issues.

This document was written by Joel Land.

Other Information

CVE IDs:	CVE-2015-1798, CVE-2015-1799
Date Public:	2015-04-07
Date First Published:	2015-04-07
Date Last Updated:	2015-04-10 18:36 UTC
Document Revision:	19

Software Engineering Institute

CERT Coordination Center

NTP Project ntpd reference implementation contains multiple vulnerabilities

Vulnerability Note VU#374268