http://support.ntp.org/bin/view/Main/NtpBug2918

http://support.ntp.org/bin/view/Main/SecurityNotice

http://www.talosintel.com/reports/TALOS-2015-0062/

According to its self-reported version number, the remote pfSense install is prior to 2.2.5. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.

NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package.

These security issues were fixed :

CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065).

CVE-2016-4954: Processing spoofed server packets (bsc#982066).

CVE-2016-4955: Autokey association reset (bsc#982067).

CVE-2016-4956: Broadcast interleave (bsc#982068).

CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459).

CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461).

CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451).

CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464).

CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y

CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452).

CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455).

CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457).

CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458).

CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).

CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).

CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).

CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).

CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).

CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802).

CVE-2015-7975: nextvar() missing length check (bsc#962988).

CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton' key (bsc#962960).

CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).

CVE-2015-5300: MITM attacker can force ntpd to make a step larger than the panic threshold (bsc#951629).

CVE-2015-5194: Crash with crafted logconfig configuration command (bsc#943218).

CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#952611).

CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#952611).

CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#952611).

CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#952611).

CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#952611).

CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#952611).

CVE-2015-7850: Clients that receive a KoD now validate the origin timestamp field (bsc#952611).

CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611).

CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611).

CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611).

CVE-2015-7703: Configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#943221).

CVE-2015-7704: Clients that receive a KoD should validate the origin timestamp field (bsc#952611).

CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#952611).

CVE-2015-7691: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-7692: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-7702: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-1798: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC field has a nonzero length, which made it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (bsc#924202).

CVE-2015-1799: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP performed state-variable updates upon receiving certain invalid packets, which made it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (bsc#924202).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201607-15 (NTP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in NTP. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This update for ntp fixes the following issues :

  - Update to 4.2.8p7 (boo#977446) :

  - CVE-2016-1547, boo#977459: Validate crypto-NAKs, AKA:
    CRYPTO-NAK DoS.

  - CVE-2016-1548, boo#977461: Interleave-pivot

  - CVE-2016-1549, boo#977451: Sybil vulnerability:
    ephemeral association attack.

  - CVE-2016-1550, boo#977464: Improve NTP security against     buffer comparison timing attacks.

  - CVE-2016-1551, boo#977450: Refclock impersonation     vulnerability

  - CVE-2016-2516, boo#977452: Duplicate IPs on unconfig     directives will cause an assertion botch in ntpd.

  - CVE-2016-2517, boo#977455: remote configuration     trustedkey/ requestkey/controlkey values are not     properly validated.

  - CVE-2016-2518, boo#977457: Crafted addpeer with hmode >     7 causes array wraparound with MATCH_ASSOC.

  - CVE-2016-2519, boo#977458: ctl_getitem() return value     not always checked.

  - integrate ntp-fork.patch

  - Improve the fixes for: CVE-2015-7704, CVE-2015-7705,     CVE-2015-7974

  - Restrict the parser in the startup script to the first     occurrance of 'keys' and 'controlkey' in ntp.conf     (boo#957226).

  - Enable compile-time support for MS-SNTP     (--enable-ntp-signd). This replaces the w32 patches in     4.2.4 that added the authreg directive. (fate#320758).

  - Fix ntp-sntp-dst.patch (boo#975496).

  - Call /usr/sbin/sntp with full path to synchronize in     start-ntpd. When run as cron job, /usr/sbin/ is not in     the path, which caused the synchronization to fail.
    (boo#962318)

  - Speedup ntpq (boo#782060, ntp-speedup-ntpq.patch).

  - Sync service files with openSUSE Factory.

  - Fix the TZ offset output of sntp during DST     (boo#951559).

  - Add ntp-fork.patch and build with threads disabled to     allow name resolution even when running chrooted.

  - Update to 4.2.8p6 :

  - CVE-2015-8158, boo#962966: Potential Infinite Loop in     ntpq.

  - CVE-2015-8138, boo#963002: origin: Zero Origin Timestamp     Bypass.

  - CVE-2015-7979, boo#962784: Off-path Denial of Service     (DoS) attack on authenticated broadcast mode.

  - CVE-2015-7978, boo#963000: Stack exhaustion in recursive     traversal of restriction list.

  - CVE-2015-7977, boo#962970: reslist NULL pointer     dereference.

  - CVE-2015-7976, boo#962802: ntpq saveconfig command     allows dangerous characters in filenames.

  - CVE-2015-7975, boo#962988: nextvar() missing length     check.

  - CVE-2015-7974, boo#962960: Skeleton Key: Missing key     check allows impersonation between authenticated peers.

  - CVE-2015-7973, boo#962995: Deja Vu: Replay attack on     authenticated broadcast mode.

  - CVE-2015-8140: ntpq vulnerable to replay attacks.

  - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose     origin.

  - CVE-2015-5300, boo#951629: Small-step/Big-step.

  - Add /var/db/ntp-kod (boo#916617).

  - Add ntp-ENOBUFS.patch to limit a warning that might     happen quite a lot on loaded systems (boo#956773).

  - add ntp.bug2965.diff (boo#954982)

  - fixes regression in 4.2.8p4 update

  - Update to 4.2.8p4 to fix several security issues     (boo#951608) :

  - CVE-2015-7871: NAK to the Future: Symmetric association     authentication bypass via crypto-NAK

  - CVE-2015-7855: decodenetnum() will ASSERT botch instead     of returning FAIL on some bogus values

  - CVE-2015-7854: Password Length Memory Corruption     Vulnerability

  - CVE-2015-7853: Invalid length data provided by a custom     refclock driver could cause a buffer overflow

  - CVE-2015-7852 ntpq atoascii() Memory Corruption     Vulnerability

  - CVE-2015-7851 saveconfig Directory Traversal     Vulnerability

  - CVE-2015-7850 remote config logfile-keyfile

  - CVE-2015-7849 trusted key use-after-free

  - CVE-2015-7848 mode 7 loop counter underrun

  - CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC

  - CVE-2015-7703 configuration directives 'pidfile' and     'driftfile' should only be allowed locally

  - CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD     should validate the origin timestamp field

  - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete     autokey data packet length checks

  - obsoletes ntp-memlock.patch.

  - Add a controlkey line to /etc/ntp.conf if one does not     already exist to allow runtime configuuration via ntpq.

  - Temporarily disable memlock to avoid problems due to     high memory usage during name resolution (boo#946386,     ntp-memlock.patch).

  - Use SHA1 instead of MD5 for symmetric keys (boo#905885).

  - Improve runtime configuration :

  - Read keytype from ntp.conf

  - Don't write ntp keys to syslog.

  - Fix legacy action scripts to pass on command line     arguments.

  - Remove ntp.1.gz, it wasn't installed anymore.

  - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep     ntptime.8.gz. The rest is partially irrelevant,     partially redundant and potentially outdated     (boo#942587).

  - Remove 'kod' from the restrict line in ntp.conf     (boo#944300).

  - Use ntpq instead of deprecated ntpdc in start-ntpd     (boo#936327).

  - Add a controlkey to ntp.conf to make the above work.

  - Don't let 'keysdir' lines in ntp.conf trigger the 'keys'     parser.

  - Disable mode 7 (ntpdc) again, now that we don't use it     anymore.

  - Add 'addserver' as a new legacy action.

  - Fix the comment regarding addserver in ntp.conf     (boo#910063).

  - Update to version 4.2.8p3 which incorporates all     security fixes and most other patches we have so far     (fate#319040). More information on:
    http://archive.ntp.org/ntp4/ChangeLog-stable

  - Disable chroot by default (boo#926510).

  - Enable ntpdc for backwards compatibility (boo#920238).

  - Security fix: ntp-keygen may generate non-random     symmetric keys

This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues :

Also yast2-ntp-client was updated to match some sntp syntax changes.
(bsc#937837)

Major functional changes :

  - The 'sntp' commandline tool changed its option handling     in a major way.

  - 'controlkey 1' is added during update to ntp.conf to     allow sntp to work.

  - The local clock is being disabled during update.

  - ntpd is no longer running chrooted.

Other functional changes :

  - ntp-signd is installed.

  - 'enable mode7' can be added to the configuration to     allow ntdpc to work as compatibility mode option.

  - 'kod' was removed from the default restrictions.

  - SHA1 keys are used by default instead of MD5 keys.

These security issues were fixed :

  - CVE-2015-5219: An endless loop due to incorrect     precision to double conversion (bsc#943216).

  - CVE-2015-8158: Fixed potential infinite loop in ntpq     (bsc#962966).

  - CVE-2015-8138: Zero Origin Timestamp Bypass     (bsc#963002).

  - CVE-2015-7979: Off-path Denial of Service (DoS) attack     on authenticated broadcast mode (bsc#962784).

  - CVE-2015-7978: Stack exhaustion in recursive traversal     of restriction list (bsc#963000).

  - CVE-2015-7977: reslist NULL pointer dereference     (bsc#962970).

  - CVE-2015-7976: ntpq saveconfig command allows dangerous     characters in filenames (bsc#962802).

  - CVE-2015-7975: nextvar() missing length check     (bsc#962988).

  - CVE-2015-7974: Skeleton Key: Missing key check allows     impersonation between authenticated peers (bsc#962960).

  - CVE-2015-7973: Replay attack on authenticated broadcast     mode (bsc#962995).

  - CVE-2015-8140: ntpq vulnerable to replay attacks     (bsc#962994).

  - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose     origin (bsc#962997).

  - CVE-2015-5300: MITM attacker could have forced ntpd to     make a step larger than the panic threshold     (bsc#951629).

  - CVE-2015-7871: NAK to the Future: Symmetric association     authentication bypass via crypto-NAK (bsc#951608).

  - CVE-2015-7855: decodenetnum() will ASSERT botch instead     of returning FAIL on some bogus values (bsc#951608).

  - CVE-2015-7854: Password Length Memory Corruption     Vulnerability (bsc#951608).

  - CVE-2015-7853: Invalid length data provided by a custom     refclock driver could cause a buffer overflow     (bsc#951608).

  - CVE-2015-7852: ntpq atoascii() Memory Corruption     Vulnerability (bsc#951608).

  - CVE-2015-7851: saveconfig Directory Traversal     Vulnerability (bsc#951608).

  - CVE-2015-7850: remote config logfile-keyfile     (bsc#951608).

  - CVE-2015-7849: trusted key use-after-free (bsc#951608).

  - CVE-2015-7848: mode 7 loop counter underrun     (bsc#951608).

  - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC     (bsc#951608).

  - CVE-2015-7703: configuration directives 'pidfile' and     'driftfile' should only be allowed locally (bsc#951608).

  - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD     should validate the origin timestamp field (bsc#951608).

  - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete     autokey data packet length checks (bsc#951608).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ntp was updated to version 4.2.8p6 to fix 28 security issues.

Major functional changes :

  - The 'sntp' commandline tool changed its option handling     in a major way, some options have been renamed or     dropped.

  - 'controlkey 1' is added during update to ntp.conf to     allow sntp to work.

  - The local clock is being disabled during update.

  - ntpd is no longer running chrooted.

Other functional changes :

  - ntp-signd is installed.

  - 'enable mode7' can be added to the configuration to     allow ntdpc to work as compatibility mode option.

  - 'kod' was removed from the default restrictions.

  - SHA1 keys are used by default instead of MD5 keys.

Also yast2-ntp-client was updated to match some sntp syntax changes.
(bsc#937837)

These security issues were fixed :

  - CVE-2015-8158: Fixed potential infinite loop in ntpq     (bsc#962966).

  - CVE-2015-8138: Zero Origin Timestamp Bypass     (bsc#963002).

  - CVE-2015-7979: Off-path Denial of Service (DoS) attack     on authenticated broadcast mode (bsc#962784).

  - CVE-2015-7978: Stack exhaustion in recursive traversal     of restriction list (bsc#963000).

  - CVE-2015-7977: reslist NULL pointer dereference     (bsc#962970).

  - CVE-2015-7976: ntpq saveconfig command allows dangerous     characters in filenames (bsc#962802).

  - CVE-2015-7975: nextvar() missing length check     (bsc#962988).

  - CVE-2015-7974: Skeleton Key: Missing key check allows     impersonation between authenticated peers (bsc#962960).

  - CVE-2015-7973: Replay attack on authenticated broadcast     mode (bsc#962995).

  - CVE-2015-8140: ntpq vulnerable to replay attacks     (bsc#962994).

  - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose     origin (bsc#962997).

  - CVE-2015-5300: MITM attacker could have forced ntpd to     make a step larger than the panic threshold     (bsc#951629).

  - CVE-2015-7871: NAK to the Future: Symmetric association     authentication bypass via crypto-NAK (bsc#951608).

  - CVE-2015-7855: decodenetnum() will ASSERT botch instead     of returning FAIL on some bogus values (bsc#951608).

  - CVE-2015-7854: Password Length Memory Corruption     Vulnerability (bsc#951608).

  - CVE-2015-7853: Invalid length data provided by a custom     refclock driver could cause a buffer overflow     (bsc#951608).

  - CVE-2015-7852: ntpq atoascii() Memory Corruption     Vulnerability (bsc#951608).

  - CVE-2015-7851: saveconfig Directory Traversal     Vulnerability (bsc#951608).

  - CVE-2015-7850: remote config logfile-keyfile     (bsc#951608).

  - CVE-2015-7849: trusted key use-after-free (bsc#951608).

  - CVE-2015-7848: mode 7 loop counter underrun     (bsc#951608).

  - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC     (bsc#951608).

  - CVE-2015-7703: configuration directives 'pidfile' and     'driftfile' should only be allowed locally (bsc#951608).

  - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD     should validate the origin timestamp field (bsc#951608).

  - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete     autokey data packet length checks (bsc#951608).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This ntp update provides the following security and non security fixes :

  - Update to 4.2.8p4 to fix several security issues     (bsc#951608) :

  - CVE-2015-7871: NAK to the Future: Symmetric association     authentication bypass via crypto-NAK

  - CVE-2015-7855: decodenetnum() will ASSERT botch instead     of returning FAIL on some bogus values

  - CVE-2015-7854: Password Length Memory Corruption     Vulnerability

  - CVE-2015-7853: Invalid length data provided by a custom     refclock driver could cause a buffer overflow

  - CVE-2015-7852 ntpq atoascii() Memory Corruption     Vulnerability

  - CVE-2015-7851 saveconfig Directory Traversal     Vulnerability

  - CVE-2015-7850 remote config logfile-keyfile

  - CVE-2015-7849 trusted key use-after-free

  - CVE-2015-7848 mode 7 loop counter underrun

  - CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC

  - CVE-2015-7703 configuration directives 'pidfile' and     'driftfile' should only be allowed locally

  - CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD     should validate the origin timestamp field

  - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete     autokey data packet length checks

  - Use ntpq instead of deprecated ntpdc in start-ntpd     (bnc#936327).

  - Add a controlkey to ntp.conf to make the above work.

  - Improve runtime configuration :

  - Read keytype from ntp.conf

  - Don't write ntp keys to syslog.

  - Don't let 'keysdir' lines in ntp.conf trigger the 'keys'     parser.

  - Fix the comment regarding addserver in ntp.conf     (bnc#910063).

  - Remove ntp.1.gz, it wasn't installed anymore.

  - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep     ntptime.8.gz. The rest is partially irrelevant,     partially redundant and potentially outdated     (bsc#942587).

  - Remove 'kod' from the restrict line in ntp.conf     (bsc#944300).

  - Use SHA1 instead of MD5 for symmetric keys (bsc#905885).

  - Require perl-Socket6 (bsc#942441).

  - Fix incomplete backporting of 'rcntp ntptimemset'.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This ntp update provides the following security and non security fixes :

  - Update to 4.2.8p4 to fix several security issues     (bsc#951608) :

  - CVE-2015-7871: NAK to the Future: Symmetric association     authentication bypass via crypto-NAK

  - CVE-2015-7855: decodenetnum() will ASSERT botch instead     of returning FAIL on some bogus values

  - CVE-2015-7854: Password Length Memory Corruption     Vulnerability

  - CVE-2015-7853: Invalid length data provided by a custom     refclock driver could cause a buffer overflow

  - CVE-2015-7852 ntpq atoascii() Memory Corruption     Vulnerability

  - CVE-2015-7851 saveconfig Directory Traversal     Vulnerability

  - CVE-2015-7850 remote config logfile-keyfile

  - CVE-2015-7849 trusted key use-after-free

  - CVE-2015-7848 mode 7 loop counter underrun

  - CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC

  - CVE-2015-7703 configuration directives 'pidfile' and     'driftfile' should only be allowed locally

  - CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD     should validate the origin timestamp field

  - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete     autokey data packet length checks

  - obsoletes ntp-memlock.patch.

  - Add a controlkey line to /etc/ntp.conf if one does not     already exist to allow runtime configuuration via ntpq.

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Several security issues where found in ntp :

CVE-2015-5146

A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if :

  - ntpd enabled remote configuration

  - The attacker had the knowledge of the configuration     password

  - The attacker had access to a computer entrusted to     perform remote configuration

    Note that remote configuration is disabled by default in     NTP. 

CVE-2015-5194

It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.

CVE-2015-5195

It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen configuration command

CVE-2015-5219

It was discovered that sntp program would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double.

CVE-2015-5300

It was found that ntpd did not correctly implement the -g option:
Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. ntpd could actually step the clock multiple times by more than the panic threshold if its clock discipline doesn't have enough time to reach the sync state and stay there for at least one update. If a man-in-the-middle attacker can control the NTP traffic since ntpd was started (or maybe up to 15-30 minutes after that), they can prevent the client from reaching the sync state and force it to step its clock by any amount any number of times, which can be used by attackers to expire certificates, etc.
This is contrary to what the documentation says. Normally, the assumption is that an MITM attacker can step the clock more than the panic threshold only once when ntpd starts and to make a larger adjustment the attacker has to divide it into multiple smaller steps, each taking 15 minutes, which is slow.

CVE-2015-7691, CVE-2015-7692, CVE-2015-7702

It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash.

CVE-2015-7701

A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory.

CVE-2015-7703

Miroslav Lichv&aacute;r of Red Hat found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). For example: ntpq -c ':config pidfile /tmp/ntp.pid' ntpq -c ':config driftfile /tmp/ntp.drift' In Debian ntpd is configured to drop root privileges, which limits the impact of this issue.

CVE-2015-7704

When ntpd as an NTP client receives a Kiss-of-Death (KoD) packet from the server to reduce its polling rate, it doesn't check if the originate timestamp in the reply matches the transmit timestamp from its request. An off-path attacker can send a crafted KoD packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server.

CVE-2015-7850

An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability.

CVE-2015-7851

A potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a path traversal potentially resulting in files being overwritten. An attacker could provide a malicious path to trigger this vulnerability.

This issue does not affect Debian.

CVE-2015-7852

A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds.

CVE-2015-7855

It was found that NTP's decodenetnum() would abort with an assertion failure when processing a mode 6 or mode 7 packet containing an unusually long data value where a network address was expected. This could allow an authenticated attacker to crash ntpd.

CVE-2015-7871

An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off&shy;-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto&shy;-NAK packets to ntpd. This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4.
It is, therefore, affected by the following vulnerabilities :

  - A flaw exists in the ntp_crypto.c file due to improper     validation of the 'vallen' value in extension fields. An     unauthenticated, remote attacker can exploit this, via     specially crafted autokey packets, to disclose     sensitive information or cause a denial of service.
    (CVE-2015-7691)

  - A denial of service vulnerability exists in the autokey     functionality due to a failure in the crypto_bob2(),     crypto_bob3(), and cert_sign() functions to properly     validate the 'vallen' value. An unauthenticated, remote     attacker can exploit this, via specially crafted autokey     packets, to crash the NTP service. (CVE-2015-7692)

  - A denial of service vulnerability exists in the     crypto_recv() function in the file ntp_crypto.c related     to autokey functionality. An unauthenticated, remote     attacker can exploit this, via an ongoing flood of NTPv4     autokey requests, to exhaust memory resources.
    (CVE-2015-7701)

  - A denial of service vulnerability exists due to improper     validation of packets containing certain autokey     operations. An unauthenticated, remote attacker can     exploit this, via specially crafted autokey packets,     to crash the NTP service. (CVE-2015-7702)

  - A flaw exists related to the handling of the 'config:'     command. An authenticated, remote attacker can exploit     this to set the 'pidfile' and 'driftfile' directives     without restrictions, thus allowing the attacker to     overwrite arbitrary files. Note that exploitation of     this issue requires that remote configuration is enabled     for ntpd. (CVE-2015-7703)

  - A denial of service vulnerability exists due improper     validation of the origin timestamp when handling     Kiss-of-Death (KoD) packets. An unauthenticated, remote     attacker can exploit this to stop the client from     querying its servers, preventing it from updating its     clock. (CVE-2015-7704)

  - A denial of service vulnerability exists due to improper     implementation of rate-limiting when handling server     queries. An unauthenticated, remote attacker can exploit     this to stop the client from querying its servers,     preventing it from updating its clock. (CVE-2015-7705)

  - A denial of service vulnerability exists due to an     integer overflow condition in the reset_peer() function     in the file ntp_request.c when handling private mode     packets having request code RESET_PEER (0x16). An     authenticated, remote attacker can exploit this to crash     the NTP service. Note that exploitation of this issue     requires that ntpd is configured to enable mode 7     packets, and that the mode 7 packets are not properly     protected by available authentication and restriction     mechanisms. (CVE-2015-7848)

  - A use-after-free error exists in the auth_delkeys()     function in the file authkeys.c when handling trusted     keys. An authenticated, remote attacker can exploit this     to dereference already freed memory, resulting in a     crash of the NTP service or the execution of arbitrary     code. (CVE-2015-7849)

  - A denial of service vulnerability exists due to a logic     flaw in the authreadkeys() function in the file     authreadkeys.c when handling extended logging where the     log and key files are set to be the same file. An     authenticated, remote attacker can exploit this, via a     crafted set of remote configuration requests, to cause     the NTP service to stop responding. (CVE-2015-7850)

  - A flaw exists in the save_config() function in the file     ntp_control.c due to improper sanitization of     user-supplied input. An authenticated, remote attacker     can exploit this issue, via a crafted set of     configuration requests, to overwrite arbitrary files.
    Note that this issue only affects VMS systems and     requires that ntpd is configured to allow remote     configuration. (CVE-2015-7851)

  - A denial of service vulnerability exists due to an     off-by-one overflow condition in the cookedprint()     function in the file ntpq.c when handling mode 6     response packets. An unauthenticated, remote attacker     can exploit this to crash the NTP service.
    (CVE-2015-7852)

  - A overflow condition exists in the     read_refclock_packet() function in the file ntp_io.c     when handling negative data lengths. A local attacker     can exploit this to crash the NTP service or possibly     gain elevated privileges. (CVE-2015-7853)

  - A heap-based overflow condition exists in function     MD5auth_setkey() in the file authkeys.c when handling     passwords. An authenticated, remote attacker can exploit     this, via a crafted set of configuration requests, to     crash the NTP service or possibly execute arbitrary     code. (CVE-2015-7854)

  - A denial of service vulnerability exists due to an     assertion flaw in the decodenetnum() function in the     file decodenetnum.c when handling long data values in     mode 6 and 7 packets. An unauthenticated, remote     attacker can exploit this to crash the NTP service.
    (CVE-2015-7855)

  - An authentication bypass vulnerability exists in the     receive() function in the file ntp_proto.c when handling     crypto-NAK packets. An unauthenticated, remote attacker     can exploit this to cause the service to accept time     from unauthenticated, ephemeral symmetric peers.
    (CVE-2015-7871)

ntp.org reports :

NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015 :

- Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG)

- Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA)

- Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS)

- Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS)

- Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS)

- Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability.
(OpenVMS) (Cisco TALOS)

- Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)

- Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)

- Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)

- Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)

- Bug 2902 : CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally. (RedHat)

- Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University)

- Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable)

The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4.

Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here :

- Bug 2382 : Peer precision < -31 gives division by zero

- Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL

- Bug 1593 : ntpd abort in free() with logconfig syntax error

ID	Name	Product	Family	Severity
106497	pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)	Nessus	Firewalls	high
93186	SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)	Nessus	SuSE Local Security Checks	critical
92485	GLSA-201607-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
91403	openSUSE Security Update : ntp (openSUSE-2016-649)	Nessus	SuSE Local Security Checks	critical
91248	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)	Nessus	SuSE Local Security Checks	critical
90991	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)	Nessus	SuSE Local Security Checks	critical
87010	SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)	Nessus	SuSE Local Security Checks	critical
86964	openSUSE Security Update : ntp (openSUSE-2015-767)	Nessus	SuSE Local Security Checks	critical
86664	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-302-03)	Nessus	Slackware Local Security Checks	critical
86640	Debian DLA-335-1 : ntp security update	Nessus	Debian Local Security Checks	critical
86631	Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities	Nessus	Misc.	critical
86519	FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)	Nessus	FreeBSD Local Security Checks	critical

CVE-2015-7851

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical