FreeBSD : ntp -- multiple vulnerabilities (b2487d9a-0c30-11e6-acd0-d050996490d0)

High Nessus Plugin ID 90742


The remote FreeBSD host is missing one or more security-related updates.


Network Time Foundation reports :

NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016 :

- Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA:
refclock-peering. Reported by Matt Street and others of Cisco ASIG

- Bug 3012 / CVE-2016-1549: Sybil vulnerability : ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY. Reported by Matthew Van Gundy of Cisco ASIG

- Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos.
Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG

- Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY.
Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG.

- Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken.
Reported by Michael Tatarinov, NTP Project Developer Volunteer

- Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks. Reported by Jonathan Gardner of Cisco ASIG

- Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA:
authdecrypt-timing. Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 90742

File Name: freebsd_pkg_b2487d9a0c3011e6acd0d050996490d0.nasl

Version: $Revision: 2.10 $

Type: local

Published: 2016/04/27

Modified: 2018/01/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C


Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ntp, p-cpe:/a:freebsd:freebsd:ntp-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/04/27

Vulnerability Publication Date: 2016/04/26

Reference Information

CVE: CVE-2015-7704, CVE-2015-8138, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519

FreeBSD: SA-16:16.ntp