Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p8 / 4.3.x < 4.3.93 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote NTP server is affected by multiple vulnerabilities.

Description :

The version of the remote NTP server is 4.x prior to 4.2.8p8 or 4.3.x
prior to 4.3.93. It is, therefore, affected by the following
vulnerabilities :

- A denial of service vulnerability exists when handling
authentication due to improper packet timestamp checks.
An unauthenticated, remote attacker can exploit this,
via a specially crafted and spoofed packet, to
demobilize the ephemeral associations. (CVE-2016-4953)

- A flaw exists that is triggered when handling spoofed
packets. An unauthenticated, remote attacker can exploit
this, via specially crafted packets, to affect peer
variables (e.g., cause leap indications to be set). Note
that the attacker must be able to spoof packets with
correct origin timestamps from servers before expected
response packets arrive. (CVE-2016-4954)

- A flaw exists that is triggered when handling spoofed
packets. An unauthenticated, remote attacker can exploit
this, via specially crafted packets, to reset autokey
associations. Note that the attacker must be able to
spoof packets with correct origin timestamps from
servers before expected response packets arrive.
(CVE-2016-4955)

- A flaw exists when handling broadcast associations that
allows an unauthenticated, remote attacker to cause a
broadcast client to change into interleave mode.
(CVE-2016-4956)

- A denial of service vulnerability exists when handling
CRYPTO_NAK packets that allows an unauthenticated,
remote attacker to cause a crash. Note that this issue
only affects versions 4.2.8p7 and 4.3.92.
(CVE-2016-4957)

See also :

http://support.ntp.org/bin/view/Main/SecurityNotice
http://www.nessus.org/u?7bd9ab96
http://support.ntp.org/bin/view/Main/NtpBug3042
http://support.ntp.org/bin/view/Main/NtpBug3043
http://support.ntp.org/bin/view/Main/NtpBug3044
http://support.ntp.org/bin/view/Main/NtpBug3045
http://support.ntp.org/bin/view/Main/NtpBug3046

Solution :

Upgrade to NTP version 4.2.8p8 / 4.3.93 or later.
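
The version ranges above can be checked against an inventory of reported ntpd version strings. The following is an added example, not part of the Nessus plugin; the function names and the sample strings are assumptions made for illustration, and pre-release suffixes (for example "-RC1") are ignored.

```python
import re

# Fixed releases and the CRYPTO_NAK-only versions, as stated in this advisory.
FIXED_STABLE = (4, 2, 8, 8)                      # 4.2.8p8
FIXED_DEV_POINT = 93                             # 4.3.93
CRYPTO_NAK_ONLY = {(4, 2, 8, 7), (4, 3, 92, 0)}  # 4.2.8p7 and 4.3.92
COMMON_CVES = ["CVE-2016-4953", "CVE-2016-4954",
               "CVE-2016-4955", "CVE-2016-4956"]

# major.minor.point with an optional pN patch level, e.g. 4.2.8p7
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) from a version string, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def applicable_cves(text):
    """List this advisory's CVEs that apply to the reported version.

    Returns None when no version can be parsed, so an unreadable banner
    is not mistaken for a patched server.
    """
    version = parse_ntp_version(text)
    if version is None:
        return None
    major, minor, point, _patch = version
    if major != 4:
        return []
    if minor == 3:                       # 4.3.x development branch
        affected = point < FIXED_DEV_POINT
    else:                                # every other 4.x release
        affected = version < FIXED_STABLE
    if not affected:
        return []
    cves = list(COMMON_CVES)
    if version in CRYPTO_NAK_ONLY:       # crash bug is limited to two versions
        cves.append("CVE-2016-4957")
    return cves


if __name__ == "__main__":
    # Constructed sample strings, not taken from a real host.
    for banner in ["ntpd 4.2.8p7@1.3265-o", "4.2.8p8", "4.3.92", "unknown"]:
        print(banner, "->", applicable_cves(banner))
```

Distribution packages that backport fixes keep the old upstream version string, so a match here is a lead to confirm against the vendor's changelog.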

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 91515

Bugtraq ID: 91010
91007
91009

CVE ID: CVE-2016-4953
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956
CVE-2016-4957
