http://bugs.ntp.org/3046

SUSE-SU-2016:1563

openSUSE-SU-2016:1583

SUSE-SU-2016:1584

SUSE-SU-2016:1602

openSUSE-SU-2016:1636

http://support.ntp.org/bin/view/Main/NtpBug3046

http://support.ntp.org/bin/view/Main/SecurityNotice

VU#321640

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

1036037

FreeBSD-SA-16:24

GLSA-201607-15

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities :

  - A time serving flaw exists in the trusted key system     due to improper key checks. An authenticated, remote     attacker can exploit this to perform impersonation     attacks between authenticated peers. (CVE-2015-7974)

  - A denial of service vulnerability exists due to improper     handling of a crafted Crypto NAK Packet with a source     address spoofed to match that of an existing associated     peer. An unauthenticated, remote attacker can exploit     this to demobilize a client association. (CVE-2016-1547)

  - An information disclosure vulnerability exists in the     message authentication functionality in libntp that is     triggered during the handling of a series of specially     crafted messages. An adjacent attacker can exploit this     to partially recover the message digest key.
    (CVE-2016-1550)

  - A flaw exists due to improper filtering of IPv4 'bogon'     packets received from a network. An unauthenticated,     remote attacker can exploit this to spoof packets to     appear to come from a specific reference clock.
    (CVE-2016-1551)

  - A denial of service vulnerability exists that allows an     authenticated, remote attacker to manipulate the value     of the trustedkey, controlkey, or requestkey via a     crafted packet, preventing authentication with ntpd     until the daemon has been restarted. (CVE-2016-2517)

  - An out-of-bounds read error exists in the MATCH_ASSOC()     function that occurs during the creation of peer     associations with hmode greater than 7. An     authenticated, remote attacker can exploit this, via a     specially crafted packet, to cause a denial of service.
    (CVE-2016-2518)

  - An overflow condition exists in the ctl_getitem()     function in ntpd due to improper validation of     user-supplied input when reporting return values. An     authenticated, remote attacker can exploit this to cause     ntpd to abort. (CVE-2016-2519)

  - A denial of service vulnerability exists when handling     authentication due to improper packet timestamp checks.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted and spoofed packet, to     demobilize the ephemeral associations. (CVE-2016-4953)

  - A flaw exists that is triggered when handling spoofed     packets. An unauthenticated, remote attacker can exploit     this, via specially crafted packets, to affect peer     variables (e.g., cause leap indications to be set). Note     that the attacker must be able to spoof packets with     correct origin timestamps from servers before expected     response packets arrive. (CVE-2016-4954)

  - A flaw exists that is triggered when handling spoofed     packets. An unauthenticated, remote attacker can exploit     this, via specially crafted packets, to reset autokey     associations. Note that the attacker must be able to     spoof packets with correct origin timestamps from     servers before expected response packets arrive.
    (CVE-2016-4955)

  - A denial of service vulnerability exists when handling     CRYPTO_NAK packets that allows an unauthenticated,     remote attacker to cause a crash. (CVE-2016-4957)

NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package.

These security issues were fixed :

CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065).

CVE-2016-4954: Processing spoofed server packets (bsc#982066).

CVE-2016-4955: Autokey association reset (bsc#982067).

CVE-2016-4956: Broadcast interleave (bsc#982068).

CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459).

CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461).

CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451).

CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464).

CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y

CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452).

CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455).

CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457).

CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458).

CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).

CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).

CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).

CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).

CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).

CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802).

CVE-2015-7975: nextvar() missing length check (bsc#962988).

CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton' key (bsc#962960).

CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).

CVE-2015-5300: MITM attacker can force ntpd to make a step larger than the panic threshold (bsc#951629).

CVE-2015-5194: Crash with crafted logconfig configuration command (bsc#943218).

CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#952611).

CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#952611).

CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#952611).

CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#952611).

CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#952611).

CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#952611).

CVE-2015-7850: Clients that receive a KoD now validate the origin timestamp field (bsc#952611).

CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611).

CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611).

CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611).

CVE-2015-7703: Configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#943221).

CVE-2015-7704: Clients that receive a KoD should validate the origin timestamp field (bsc#952611).

CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#952611).

CVE-2015-7691: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-7692: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-7702: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-1798: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC field has a nonzero length, which made it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (bsc#924202).

CVE-2015-1799: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP performed state-variable updates upon receiving certain invalid packets, which made it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (bsc#924202).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ntp was updated to version 4.2.8p8 to fix five security issues.

These security issues were fixed :

  - CVE-2016-4953: Bad authentication demobilizes ephemeral     associations (bsc#982065).

  - CVE-2016-4954: Processing spoofed server packets     (bsc#982066).

  - CVE-2016-4955: Autokey association reset (bsc#982067).

  - CVE-2016-4956: Broadcast interleave (bsc#982068).

  - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in the NTP suite :

The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco]

An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association.
[CVE-2016-4953, Reported by Miroslav Lichvar of Red Hat]

An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the target machine can affect some peer variables and, for example, cause a false leap indication to be set. [CVE-2016-4954, Reported by Jakub Prokes of Red Hat]

An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a CRYPTO_NAK or a bad MAC and cause the association's peer variables to be cleared. If this can be done often enough, it will prevent that association from working. [CVE-2016-4955, Reported by Miroslav Lichvar of Red Hat]

The fix for NtpBug2978 does not cover broadcast associations, so broadcast clients can be triggered to flip into interleave mode.
[CVE-2016-4956, Reported by Miroslav Lichvar of Red Hat.] Impact :
Malicious remote attackers may be able to break time synchronization, or cause the ntpd(8) daemon to crash.

The remote host is affected by the vulnerability described in GLSA-201607-15 (NTP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in NTP. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

ntp was updated to version 4.2.8p8 to fix five security issues.

These security issues were fixed :

  - CVE-2016-4953: Bad authentication demobilizes ephemeral     associations (bsc#982065).

  - CVE-2016-4954: Processing spoofed server packets     (bsc#982066).

  - CVE-2016-4955: Autokey association reset (bsc#982067).

  - CVE-2016-4956: Broadcast interleave (bsc#982068).

  - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

These non-security issues were fixed :

  - Keep the parent process alive until the daemon has     finished initialisation, to make sure that the PID file     exists when the parent returns.

  - bsc#979302: Change the process name of the forking DNS     worker process to avoid the impression that ntpd is     started twice.

  - bsc#981422: Don't ignore SIGCHILD because it breaks     wait().

  - bsc#979981: ntp-wait does not accept fractional seconds,     so use 1 instead of 0.2 in ntp-wait.service.

  - Separate the creation of ntp.keys and key #1 in it to     avoid problems when upgrading installations that have     the file, but no key #1, which is needed e.g. by 'rcntp     addserver'.

This update was imported from the SUSE:SLE-12-SP1:Update update project.

ntp was updated to version 4.2.8p8 to fix 17 security issues.

These security issues were fixed :

  - CVE-2016-4956: Broadcast interleave (bsc#982068).

  - CVE-2016-2518: Crafted addpeer with hmode > 7 causes     array wraparound with MATCH_ASSOC (bsc#977457).

  - CVE-2016-2519: ctl_getitem() return value not always     checked (bsc#977458).

  - CVE-2016-4954: Processing spoofed server packets     (bsc#982066).

  - CVE-2016-4955: Autokey association reset (bsc#982067).

  - CVE-2015-7974: NTP did not verify peer associations of     symmetric keys when authenticating packets, which might     allowed remote attackers to conduct impersonation     attacks via an arbitrary trusted key, aka a 'skeleton     key (bsc#962960).

  - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

  - CVE-2016-2516: Duplicate IPs on unconfig directives will     cause an assertion botch (bsc#977452).

  - CVE-2016-2517: Remote configuration     trustedkey/requestkey values are not properly validated     (bsc#977455).

  - CVE-2016-4953: Bad authentication demobilizes ephemeral     associations (bsc#982065).

  - CVE-2016-1547: CRYPTO-NAK DoS (bsc#977459).

  - CVE-2016-1551: Refclock impersonation vulnerability,     AKA: refclock-peering (bsc#977450).

  - CVE-2016-1550: Improve NTP security against buffer     comparison timing attacks, authdecrypt-timing, AKA:
    authdecrypt-timing (bsc#977464).

  - CVE-2016-1548: Interleave-pivot - MITIGATION ONLY     (bsc#977461).

  - CVE-2016-1549: Sybil vulnerability: ephemeral     association attack, AKA: ntp-sybil - MITIGATION ONLY     (bsc#977451).

This release also contained improved patches for CVE-2015-7704, CVE-2015-7705, CVE-2015-7974.

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ntp was updated to fix five security issues.

These security issues were fixed :

  - CVE-2016-4953: Bad authentication demobilizes ephemeral     associations (bsc#982065).

  - CVE-2016-4954: Processing spoofed server packets     (bsc#982066).

  - CVE-2016-4955: Autokey association reset (bsc#982067).

  - CVE-2016-4956: Broadcast interleave (bsc#982068).

  - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

These non-security issues were fixed :

  - bsc#979302: Change the process name of the forking DNS     worker process to avoid the impression that ntpd is     started twice.

  - bsc#979981: ntp-wait does not accept fractional seconds,     so use 1 instead of 0.2 in ntp-wait.service.

  - bsc#981422: Don't ignore SIGCHILD because it breaks     wait().

  - Separate the creation of ntp.keys and key #1 in it to     avoid problems when upgrading installations that have     the file, but no key #1, which is needed e.g. by 'rcntp     addserver'.

The version of the remote NTP server is 4.x prior to 4.2.8p8 or 4.3.x prior to 4.3.93. It is, therefore, affected by the following vulnerabilities :
  - A denial of service vulnerability exists when handling     authentication due to improper packet timestamp checks.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted and spoofed packet, to     demobilize the ephemeral associations. (CVE-2016-4953)

  - A flaw exists that is triggered when handling spoofed     packets. An unauthenticated, remote attacker can exploit     this, via specially crafted packets, to affect peer     variables (e.g., cause leap indications to be set). Note     that the attacker must be able to spoof packets with     correct origin timestamps from servers before expected     response packets arrive. (CVE-2016-4954)

  - A flaw exists that is triggered when handling spoofed     packets. An unauthenticated, remote attacker can exploit     this, via specially crafted packets, to reset autokey     associations. Note that the attacker must be able to     spoof packets with correct origin timestamps from     servers before expected response packets arrive.
    (CVE-2016-4955)

  - A flaw exists when handling broadcast associations that     allows an unauthenticated, remote attacker to cause a     broadcast client to change into interleave mode.
    (CVE-2016-4956)

  - A denial of service vulnerability exists when handling     CRYPTO_NAK packets that allows an unauthenticated,     remote attacker to cause a crash. Note that this issue     only affects versions 4.2.8p7 and 4.3.92.
    (CVE-2016-4957)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

ID	Name	Product	Family	Severity
99183	AIX NTP v4 Advisory : ntp_advisory7.asc (IV87278) (IV87279)	Nessus	AIX Local Security Checks	medium
93186	SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)	Nessus	SuSE Local Security Checks	high
93153	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1602-1)	Nessus	SuSE Local Security Checks	medium
92927	FreeBSD : FreeBSD -- Multiple ntp vulnerabilities (7cfcea05-600a-11e6-a6c3-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	medium
92485	GLSA-201607-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
91721	openSUSE Security Update : ntp (openSUSE-2016-750)	Nessus	SuSE Local Security Checks	medium
91666	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1584-1)	Nessus	SuSE Local Security Checks	medium
91663	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)	Nessus	SuSE Local Security Checks	high
91662	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1563-1)	Nessus	SuSE Local Security Checks	medium
91630	openSUSE Security Update : ntp (openSUSE-2016-727)	Nessus	SuSE Local Security Checks	medium
91515	Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p8 / 4.3.x < 4.3.93 Multiple Vulnerabilities	Nessus	Misc.	medium
91462	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-155-01)	Nessus	Slackware Local Security Checks	medium

CVE-2016-4957

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins