FreeBSD : ntp -- multiple vulnerabilities (b2487d9a-0c30-11e6-acd0-d050996490d0)

high Nessus Plugin ID 90742

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Network Time Foundation reports:

NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016:

- Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering. Reported by Matt Street and others of Cisco ASIG

- Bug 3012 / CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY. Reported by Matthew Van Gundy of Cisco ASIG

- Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360

- Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos. Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG

- Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY. Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG.

- Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken. Reported by Michael Tatarinov, NTP Project Developer Volunteer

- Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks. Reported by Jonathan Gardner of Cisco ASIG

- Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing. Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?4a6d1cf4

http://www.nessus.org/u?2ec22417

Plugin Details

Severity: High

ID: 90742

File Name: freebsd_pkg_b2487d9a0c3011e6acd0d050996490d0.nasl

Version: 2.12

Type: local

Published: 4/27/2016

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ntp, p-cpe:/a:freebsd:freebsd:ntp-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/27/2016

Vulnerability Publication Date: 4/26/2016

Reference Information

CVE: CVE-2015-7704, CVE-2015-8138, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519

FreeBSD: SA-16:16.ntp