FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c)

High Nessus Plugin ID 107046

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Network Time Foundation reports :

The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.

This release addresses five security issues in ntpd :

- LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack

- INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909 : ctl_getitem():
buffer read overrun leads to undefined behavior and information leak

- LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations

- LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state

- LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909 : Unauthenticated packet can reset authenticated interleaved association

one security issue in ntpq :

- MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909 : ntpq:decodearr() can write beyond its buffer limit

and provides over 33 bugfixes and 32 other improvements.

Solution

Update the affected packages.

FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information