Amazon Linux AMI : ntp (ALAS-2015-520)

medium Nessus Plugin ID 83271

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
(CVE-2015-1798)

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
(CVE-2015-1799)

This update also addresses leap-second handling. With older ntp versions, the -x option was sometimes used as a workaround to avoid kernel inserting/deleting leap seconds by stepping the clock and possibly upsetting running applications. That no longer works with 4.2.6 as ntpd steps the clock itself when a leap second occurs. The fix is to treat the one second offset gained during leap second as a normal offset and check the stepping threshold (set by -x or tinker step) to decide if a step should be applied. See this forum post for more information on the Amazon Linux AMI's leap-second handling.

Solution

Run 'yum update ntp' to update your system.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1196635

https://forums.aws.amazon.com/ann.jspa?annID=3064

https://alas.aws.amazon.com/ALAS-2015-520.html

Plugin Details

Severity: Medium

ID: 83271

File Name: ala_ALAS-2015-520.nasl

Version: 1.3

Type: local

Agent: unix

Published: 5/7/2015

Updated: 4/18/2018

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:ntp, p-cpe:/a:amazon:linux:ntp-debuginfo, p-cpe:/a:amazon:linux:ntp-doc, p-cpe:/a:amazon:linux:ntp-perl, p-cpe:/a:amazon:linux:ntpdate, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 5/5/2015

Reference Information

CVE: CVE-2015-1798, CVE-2015-1799

ALAS: 2015-520