SUSE SLES11 Security Update : ntp (SUSE-SU-2020:14415-1)

high Nessus Plugin ID 150680
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14415-1 advisory.

- ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
(CVE-2018-8956)

- ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868)

- ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. (CVE-2020-13817)

- ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. (CVE-2020-15025)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ntp and / or ntp-doc packages.

See Also

https://bugzilla.suse.com/1169740

https://bugzilla.suse.com/1171355

https://bugzilla.suse.com/1172651

https://bugzilla.suse.com/1173334

http://www.nessus.org/u?84bd7b7c

https://www.suse.com/security/cve/CVE-2018-8956

https://www.suse.com/security/cve/CVE-2020-11868

https://www.suse.com/security/cve/CVE-2020-13817

https://www.suse.com/security/cve/CVE-2020-15025

Plugin Details

Severity: High

ID: 150680

File Name: suse_SU-2020-14415-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/10/2021

Updated: 6/10/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-13817

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:ntp, p-cpe:/a:novell:suse_linux:ntp-doc, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/1/2020

Vulnerability Publication Date: 4/17/2020

Reference Information

CVE: CVE-2018-8956, CVE-2020-11868, CVE-2020-13817, CVE-2020-15025

SuSE: SUSE-SU-2020:14415-1

IAVA: 2020-A-0167-S, 2020-A-0289