Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)

Ubuntu Security Notice (C) 2015-2017 Canonical, Inc. / NASL script (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Aleksis Kauppinen discovered that NTP incorrectly handled certain
remote config packets. In a non-default configuration, a remote
authenticated attacker could possibly use this issue to cause NTP to
crash, resulting in a denial of service. (CVE-2015-5146)

Miroslav Lichvar discovered that NTP incorrectly handled logconfig
directives. In a non-default configuration, a remote authenticated
attacker could possibly use this issue to cause NTP to crash,
resulting in a denial of service. (CVE-2015-5194)

Miroslav Lichvar discovered that NTP incorrectly handled certain
statistics types. In a non-default configuration, a remote
authenticated attacker could possibly use this issue to cause NTP to
crash, resulting in a denial of service. (CVE-2015-5195)

Miroslav Lichvar discovered that NTP incorrectly handled certain file
paths. In a non-default configuration, a remote authenticated attacker
could possibly use this issue to cause NTP to crash, resulting in a
denial of service, or overwrite certain files. (CVE-2015-5196,
CVE-2015-7703)

Miroslav Lichvar discovered that NTP incorrectly handled certain
packets. A remote attacker could possibly use this issue to cause NTP
to hang, resulting in a denial of service. (CVE-2015-5219)

Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that
NTP incorrectly handled restarting after hitting a panic threshold. A
remote attacker could possibly use this issue to alter the system time
on clients. (CVE-2015-5300)

It was discovered that NTP incorrectly handled autokey data packets. A
remote attacker could possibly use this issue to cause NTP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

It was discovered that NTP incorrectly handled memory when processing
certain autokey messages. A remote attacker could possibly use this
issue to cause NTP to consume memory, resulting in a denial of
service. (CVE-2015-7701)

Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that
NTP incorrectly handled rate limiting. A remote attacker could
possibly use this issue to cause clients to stop updating their clock.
(CVE-2015-7704, CVE-2015-7705)

Yves Younan discovered that NTP incorrectly handled logfile and
keyfile directives. In a non-default configuration, a remote
authenticated attacker could possibly use this issue to cause NTP to
enter a loop, resulting in a denial of service. (CVE-2015-7850)

Yves Younan and Aleksander Nikolich discovered that NTP incorrectly
handled ascii conversion. A remote attacker could possibly use this
issue to cause NTP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2015-7852)

Yves Younan discovered that NTP incorrectly handled reference clock
memory. A malicious refclock could possibly use this issue to cause
NTP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-7853)

John D 'Doug' Birdwell discovered that NTP incorrectly handled
decoding certain bogus values. An attacker could possibly use this
issue to cause NTP to crash, resulting in a denial of service.
(CVE-2015-7855)

Stephen Gray discovered that NTP incorrectly handled symmetric
association authentication. A remote attacker could use this issue to
possibly bypass authentication and alter the system clock.
(CVE-2015-7871)

In the default installation, attackers would be isolated by the NTP
AppArmor profile.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://www.tenable.com/security/research/tra-2015-04

Solution :

Update the affected ntp package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now