SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)

High Nessus Plugin ID 93186


The remote SUSE host is missing one or more security updates.


NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package.

These security issues were fixed :

CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065).

CVE-2016-4954: Processing spoofed server packets (bsc#982066).

CVE-2016-4955: Autokey association reset (bsc#982067).

CVE-2016-4956: Broadcast interleave (bsc#982068).

CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459).

CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461).

CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451).

CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464).

CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y

CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452).

CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455).

CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457).

CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458).

CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).

CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).

CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).

CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).

CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).

CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802).

CVE-2015-7975: nextvar() missing length check (bsc#962988).

CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton' key (bsc#962960).

CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).

CVE-2015-5300: MITM attacker can force ntpd to make a step larger than the panic threshold (bsc#951629).

CVE-2015-5194: Crash with crafted logconfig configuration command (bsc#943218).

CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#952611).

CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#952611).

CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#952611).

CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#952611).

CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#952611).

CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#952611).

CVE-2015-7850: Clients that receive a KoD now validate the origin timestamp field (bsc#952611).

CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611).

CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611).

CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611).

CVE-2015-7703: Configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#943221).

CVE-2015-7704: Clients that receive a KoD should validate the origin timestamp field (bsc#952611).

CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#952611).

CVE-2015-7691: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-7692: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-7702: Incomplete autokey data packet length checks (bsc#952611).

CVE-2015-1798: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC field has a nonzero length, which made it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (bsc#924202).

CVE-2015-1799: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP performed state-variable updates upon receiving certain invalid packets, which made it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (bsc#924202).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected ntp packages

See Also

Plugin Details

Severity: High

ID: 93186

File Name: suse_SU-2016-1912-1.nasl

Version: $Revision: 2.11 $

Type: local

Agent: unix

Published: 2016/08/29

Modified: 2018/01/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:ntp, p-cpe:/a:novell:suse_linux:ntp-doc, cpe:/o:novell:suse_linux:10

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/07/29

Reference Information

CVE: CVE-2015-1798, CVE-2015-1799, CVE-2015-5194, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957

BID: 73950, 73951

OSVDB: 116071, 120350, 120351, 126663, 126666, 129298, 129299, 129300, 129301, 129302, 129303, 129304, 129305, 129306, 129307, 129308, 129309, 129310, 129311, 129315, 133378, 133382, 133383, 133384, 133385, 133386, 133387, 133388, 133391, 133414, 137711, 137712, 137713, 137714, 137731, 137732, 137733, 137734, 137735, 139280, 139281, 139282, 139283, 139284

TRA: TRA-2015-04