FreeBSD : FreeBSD -- Multiple ntp vulnerabilities (7cfcea05-600a-11e6-a6c3-14dae9d210b8)
Medium Nessus Plugin ID 92927
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionMultiple vulnerabilities have been discovered in the NTP suite :
The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco]
An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association.
[CVE-2016-4953, Reported by Miroslav Lichvar of Red Hat]
An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the target machine can affect some peer variables and, for example, cause a false leap indication to be set. [CVE-2016-4954, Reported by Jakub Prokes of Red Hat]
An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a CRYPTO_NAK or a bad MAC and cause the association's peer variables to be cleared. If this can be done often enough, it will prevent that association from working. [CVE-2016-4955, Reported by Miroslav Lichvar of Red Hat]
The fix for NtpBug2978 does not cover broadcast associations, so broadcast clients can be triggered to flip into interleave mode.
[CVE-2016-4956, Reported by Miroslav Lichvar of Red Hat.] Impact :
Malicious remote attackers may be able to break time synchronization, or cause the ntpd(8) daemon to crash.
SolutionUpdate the affected packages.