FreeBSD : FreeBSD -- Multiple ntp vulnerabilities (7cfcea05-600a-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Multiple vulnerabilities have been discovered in the NTP suite :

The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause
ntpd to crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco]

An attacker who knows the origin timestamp and can send a spoofed
packet containing a CRYPTO-NAK to an ephemeral peer target before any
other response is sent can demobilize that association.
[CVE-2016-4953, Reported by Miroslav Lichvar of Red Hat]

An attacker who is able to spoof packets with correct origin
timestamps from enough servers before the expected response packets
arrive at the target machine can affect some peer variables and, for
example, cause a false leap indication to be set. [CVE-2016-4954,
Reported by Jakub Prokes of Red Hat]

An attacker who is able to spoof a packet with a correct origin
timestamp before the expected response packet arrives at the target
machine can send a CRYPTO_NAK or a bad MAC and cause the association's
peer variables to be cleared. If this can be done often enough, it
will prevent that association from working. [CVE-2016-4955, Reported
by Miroslav Lichvar of Red Hat]

The fix for NtpBug2978 does not cover broadcast associations, so
broadcast clients can be triggered to flip into interleave mode.
[CVE-2016-4956, Reported by Miroslav Lichvar of Red Hat.] Impact :
Malicious remote attackers may be able to break time synchronization,
or cause the ntpd(8) daemon to crash.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92927 ()

Bugtraq ID:

CVE ID: CVE-2016-4953

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now