Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2567-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Miroslav Lichvar discovered that NTP incorrectly validated MAC fields.
A remote attacker could possibly use this issue to bypass
authentication and spoof packets. (CVE-2015-1798)

Miroslav Lichvar discovered that NTP incorrectly handled certain
invalid packets. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2015-1799)

Juergen Perlinger discovered that NTP incorrectly generated MD5 keys
on big-endian platforms. This issue could either cause ntp-keygen to
hang, or could result in non-random keys. (CVE number pending).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected ntp package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 82765 ()

Bugtraq ID: 73950
73951

CVE ID: CVE-2015-1798
CVE-2015-1799

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now