Cisco Prime Security Manager Network Time Protocol Daemon (ntpd) Multiple Vulnerabilities (cisco-sa-20141222-ntpd)
High Nessus Plugin ID 81980
Synopsis
The management application running on the remote host is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the version of Cisco Prime Security Manager running on the remote host is prior to 22.214.171.124.
It is, therefore, affected by multiple vulnerabilities in the bundled NTP libraries:
- A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the 'ntp.conf' file.
Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically-weak keys with insufficient entropy.
This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack.
- A security weakness exists due to the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294)
- Multiple stack-based buffer overflows exist due to improperly validated user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication.
This allows a remote attacker, via a specially crafted packet, to cause a denial of service condition or execute arbitrary code. (CVE-2014-9295)
- An unspecified vulnerability exists due to missing return statements in the receive() function, resulting in continued processing even when an authentication error is encountered. This allows a remote attacker, via crafted packets, to trigger unintended association changes. (CVE-2014-9296)
Solution
Upgrade to Cisco Prime Security Manager 126.96.36.199. Note that version 188.8.131.52 is scheduled for release on May 15th, 2015.