F5 Networks BIG-IP : NTP vulnerability (K17516)

Medium Nessus Plugin ID 88815

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. (CVE-2015-7852)

Impact

While the scope of the impact is limited, an attacker may be able to craft response packets that cause ntpq to exit. There is no data plane exposure for the BIG-IP system, and this issue can only be exposed when an instance of ntpq is running in interactive mode.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K17516.

See Also

https://support.f5.com/csp/article/K17516

Plugin Details

Severity: Medium

ID: 88815

File Name: f5_bigip_SOL17516.nasl

Version: 2.11

Type: local

Published: 2016/02/18

Updated: 2019/01/04

Dependencies: 76940

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version, Settings/ParanoidReport

Patch Publication Date: 2015/11/02

Reference Information

CVE: CVE-2015-7852