FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c)
High Nessus Plugin ID 107046
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Network Time Foundation reports :
The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.
This release addresses five security issues in ntpd :
- LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack
- INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909 : ctl_getitem():
buffer read overrun leads to undefined behavior and information leak
- LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
- LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state
- LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909 : Unauthenticated packet can reset authenticated interleaved association
one security issue in ntpq :
- MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909 : ntpq:decodearr() can write beyond its buffer limit
and provides over 33 bugfixes and 32 other improvements.
Solution
Update the affected packages.