OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches that provide the
following critical security updates :

- don't allow spoofed packets to demobilize associations
(CVE-2015-7979, CVE-2016-1547)

- don't allow spoofed packet to enable symmetric
interleaved mode (CVE-2016-1548)

- check mode of new source in config command
(CVE-2016-2518)

- make MAC check resilient against timing attack
(CVE-2016-1550)

- don't accept server/peer packets with zero origin
timestamp (CVE-2015-8138)

- fix crash with reslist command (CVE-2015-7977,
CVE-2015-7978)

- fix crash with invalid logconfig command (CVE-2015-5194)

- fix crash when referencing disabled statistic type
(CVE-2015-5195)

- don't hang in sntp with crafted reply (CVE-2015-5219)

- don't crash with crafted autokey packet (CVE-2015-7691,
CVE-2015-7692, CVE-2015-7702)

- fix memory leak with autokey (CVE-2015-7701)

- don't allow setting driftfile and pidfile remotely
(CVE-2015-7703)

- don't crash in ntpq with crafted packet (CVE-2015-7852)

- add option to set Differentiated Services Code Point
(DSCP) (#1228314)

- extend rawstats log (#1242895)

- fix resetting of leap status (#1243034)

- report clock state changes related to leap seconds
(#1242937)

- allow -4/-6 on restrict lines with mask (#1232146)

- retry joining multicast groups (#1288534)

- explain synchronised state in ntpstat man page
(#1286969)

- check origin timestamp before accepting KoD RATE packet
(CVE-2015-7704)

- allow only one step larger than panic threshold with -g
(CVE-2015-5300)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000470.html
https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000469.html
https://www.tenable.com/security/research/tra-2015-04

Solution :

Update the affected ntp / ntpdate packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
