FreeBSD : ntp -- multiple vulnerabilities (5237f5d7-c020-11e5-b397-d050996490d0)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Network Time Foundation reports :

NTF's NTP Project has been notified of the following low- and
medium-severity vulnerabilities that are fixed in ntp-4.2.8p6,
released on Tuesday, 19 January 2016 :

- Bug 2948 / CVE-2015-8158: Potential Infinite Loop in ntpq. Reported
by Cisco ASIG.

- Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass.
Reported by Cisco ASIG.

- Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on
authenticated broadcast mode. Reported by Cisco ASIG.

- Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of
restriction list. Reported by Cisco ASIG.

- Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference. Reported
by Cisco ASIG.

- Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous
characters in filenames. Reported by Cisco ASIG.

- Bug 2937 / CVE-2015-7975: nextvar() missing length check. Reported
by Cisco ASIG.

- Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows
impersonation between authenticated peers. Reported by Cisco ASIG.

- Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated
broadcast mode. Reported by Cisco ASIG.

Additionally, mitigations are published for the following two issues :

- Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks.
Reported by Cisco ASIG.

- Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc disclose
origin. Reported by Cisco ASIG.

See also :

http://www.nessus.org/u?d42322ca
http://www.nessus.org/u?5469abda

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
