Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ntp vulnerabilities (USN-3349-1)

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Yihan Lian discovered that NTP incorrectly handled certain large
request data values. A remote attacker could possibly use this issue
to cause NTP to crash, resulting in a denial of service. This issue
only affected Ubuntu 16.04 LTS. (CVE-2016-2519)

Miroslav Lichvar discovered that NTP incorrectly handled certain
spoofed addresses when performing rate limiting. A remote attacker
could possibly use this issue to perform a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu
16.10. (CVE-2016-7426)

Matthew Van Gundy discovered that NTP incorrectly handled certain
crafted broadcast mode packets. A remote attacker could possibly use
this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427,
CVE-2016-7428)

Miroslav Lichvar discovered that NTP incorrectly handled certain
responses. A remote attacker could possibly use this issue to perform
a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu
16.04 LTS, and Ubuntu 16.10. (CVE-2016-7429)

Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly
handled origin timestamps of zero. A remote attacker could possibly
use this issue to bypass the origin timestamp protection mechanism.
This issue only affected Ubuntu 16.10. (CVE-2016-7431)

Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that
NTP incorrectly performed initial sync calculations. This issue only
applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)

Magnus Stubman discovered that NTP incorrectly handled certain mrulist
queries. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)

Matthew Van Gund discovered that NTP incorrectly handled origin
timestamp checks. A remote attacker could possibly use this issue to
perform a denial of service. This issue only affected Ubuntu Ubuntu
16.10, and Ubuntu 17.04. (CVE-2016-9042)

Matthew Van Gundy discovered that NTP incorrectly handled certain
control mode packets. A remote attacker could use this issue to set or
unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04
LTS and Ubuntu 16.10. (CVE-2016-9310)

Matthew Van Gundy discovered that NTP incorrectly handled the trap
service. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only applied to
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)

It was discovered that NTP incorrectly handled memory when processing
long variables. A remote authenticated user could possibly use this
issue to cause NTP to crash, resulting in a denial of service.
(CVE-2017-6458)

It was discovered that NTP incorrectly handled memory when processing
long variables. A remote authenticated user could possibly use this
issue to cause NTP to crash, resulting in a denial of service. This
issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04.
(CVE-2017-6460)

It was discovered that the NTP legacy DPTS refclock driver incorrectly
handled the /dev/datum device. A local attacker could possibly use
this issue to cause a denial of service. (CVE-2017-6462)

It was discovered that NTP incorrectly handled certain invalid
settings in a :config directive. A remote authenticated user could
possibly use this issue to cause NTP to crash, resulting in a denial
of service. (CVE-2017-6463)

It was discovered that NTP incorrectly handled certain invalid mode
configuration directives. A remote authenticated user could possibly
use this issue to cause NTP to crash, resulting in a denial of
service. (CVE-2017-6464).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected ntp package.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now