Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p2 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote NTP server is affected by multiple vulnerabilities.

Description :

The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p2.
It is, therefore, affected by the following vulnerabilities :

- The symmetric-key feature in the receive() function
requires a correct message authentication code (MAC)
only if the MAC field has a nonzero length. A
man-in-the-middle attacker can exploit this to spoof
packets by omitting the MAC. (CVE-2015-1798)

- A flaw exists in the symmetric-key feature in the
receive() function when handling a specially crafted
packet sent to one of two hosts that are peering with
each other. An attacker can exploit this to cause the
next attempt by the servers to synchronize to fail.
(CVE-2015-1799)

- A flaw exists in util/ntp-keygen.c due to the way that
the ntp-keygen utility generates MD5 symmetric keys on
big-endian systems. A remote attacker can exploit this
to more easily guess MD5 symmetric keys and thereby
spoof an NTP server or client. (CVE-2015-3405)

See also :

http://support.ntp.org/bin/view/Main/SecurityNotice
http://www.nessus.org/u?9fd24f37
http://bugs.ntp.org/show_bug.cgi?id=2797

Solution :

Upgrade to NTP version 4.2.8p2 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 83744 ()

Bugtraq ID: 73950
73951
74045

CVE ID: CVE-2015-1798
CVE-2015-1799
CVE-2015-3405

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now