FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)

High Nessus Plugin ID 86519

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

ntp.org reports :

NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015 :

- Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG)

- Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA)

- Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS)

- Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS)

- Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS)

- Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability.
(OpenVMS) (Cisco TALOS)

- Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)

- Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)

- Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)

- Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)

- Bug 2902 : CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally. (RedHat)

- Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University)

- Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable)

The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4.

Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here :

- Bug 2382 : Peer precision < -31 gives division by zero

- Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL

- Bug 1593 : ntpd abort in free() with logconfig syntax error

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?fec88bd0

http://www.nessus.org/u?43b814f1

https://www.tenable.com/security/research/tra-2015-04

Plugin Details

Severity: High

ID: 86519

File Name: freebsd_pkg_c4a18a1277fc11e5a687206a8a720317.nasl

Version: 2.16

Type: local

Published: 2015/10/22

Updated: 2020/09/23

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ntp, p-cpe:/a:freebsd:freebsd:ntp-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/10/21

Vulnerability Publication Date: 2015/10/21

Reference Information

CVE: CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871

FreeBSD: SA-15:25.ntp

TRA: TRA-2015-04