CVE-2015-1798 - Code vulnerability in NTP
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Ntp | 691 |
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-5874.NASL
description: Security fix for CVE-2015-1799, CVE-2015-1798, #1210324 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-04-23
plugin id: 83010
published: 2015-04-23
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83010
title: Fedora 20 : ntp-4.2.6p5-22.fc20 (2015-5874)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-5874.
#

include("compat.inc");

if (description)
{
  script_id(83010);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2015-1798", "CVE-2015-1799");
  script_bugtraq_id(73950, 73951);
  script_xref(name:"FEDORA", value:"2015-5874");

  script_name(english:"Fedora 20 : ntp-4.2.6p5-22.fc20 (2015-5874)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security fix for CVE-2015-1799, CVE-2015-1798, #1210324 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1199430"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1199435"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?313a62f6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected ntp package.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ntp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"ntp-4.2.6p5-22.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
}
```
NASL family: Misc.
NASL id: NTP_4_2_8P3.NASL
description: The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p3. It is, therefore, affected by the following vulnerability :
  - ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. (CVE-2015-1798)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 121310
published: 2019-01-22
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121310
title: Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p3 Denial Of Service Vulnerability

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201509-01.NASL
description: The remote host is affected by the vulnerability described in GLSA-201509-01 (NTP: Multiple vulnerablities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86132
published: 2015-09-25
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/86132
title: GLSA-201509-01 : NTP: Multiple vulnerablities

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-1459.NASL
description: From Red Hat Security Advisory 2015:1459 : Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85111
published: 2015-07-30
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85111
title: Oracle Linux 6 : ntp (ELSA-2015-1459)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_10_10_4.NASL
description: The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 84488
published: 2015-07-01
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/84488
title: Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)

NASL family: CISCO
NASL id: CISCO_ACE_A5_3_3.NASL
description: The Cisco Application Control Engine (ACE) software installed on the remote Cisco ACE 4710 device or ACE30 module is version A5 prior to A5(3.3).
It is, therefore, affected by multiple vulnerabilities :
  - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)
  - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)
  - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)
  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91427
published: 2016-06-01
reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/91427
title: Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-2231.NASL
description: Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86975
published: 2015-11-20
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86975
title: RHEL 7 : ntp (RHSA-2015:2231)

NASL family: CISCO
NASL id: CISCO-SA-20150408-NTPD-IOS.NASL
description: According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108954
published: 2018-04-10
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108954
title: Cisco IOS Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-2231.NASL
description: From Red Hat Security Advisory 2015:2231 : Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 87030
published: 2015-11-24
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87030
title: Oracle Linux 7 : ntp (ELSA-2015-2231)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL16505.NASL
description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. (CVE-2015-1798)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83038
published: 2015-04-24
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83038
title: F5 Networks BIG-IP : NTP vulnerability (K16505)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3223.NASL
description: Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol :
  - CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentication and send malicious packets without having to know the symmetric key.
  - CVE-2015-1799 When peering with other NTP hosts using authenticated symmetric association, ntpd would update its internal state variables before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers.
Additionally, it was discovered that generating MD5 keys using ntp-keygen on big endian machines would either trigger an endless loop, or generate non-random keys.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82745
published: 2015-04-14
reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82745
title: Debian DSA-3223-1 : ntp - security update

NASL family: Misc.
NASL id: NTP_4_2_8P2.NASL
description: The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p2. It is, therefore, affected by the following vulnerabilities :
  - The symmetric-key feature in the receive() function requires a correct message authentication code (MAC) only if the MAC field has a nonzero length. A man-in-the-middle attacker can exploit this to spoof packets by omitting the MAC. (CVE-2015-1798)
  - A flaw exists in the symmetric-key feature in the receive() function when handling a specially crafted packet sent to one of two hosts that are peering with each other. An attacker can exploit this to cause the next attempt by the servers to synchronize to fail. (CVE-2015-1799)
  - A flaw exists in util/ntp-keygen.c due to the way that the ntp-keygen utility generates MD5 symmetric keys on big-endian systems. A remote attacker can exploit this to more easily guess MD5 symmetric keys and thereby spoof an NTP server or client. (CVE-2015-3405)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83744
published: 2015-05-21
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83744
title: Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p2 Multiple Vulnerabilities

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_EBD84C96DD7E11E4854E3C970E169BC2.NASL
description: ntp.org reports :
  - [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
  - [Sec 2781] Authentication doesn
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82631
published: 2015-04-08
reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82631
title: FreeBSD : ntp -- multiple vulnerabilities (ebd84c96-dd7e-11e4-854e-3c970e169bc2)

NASL family: CISCO
NASL id: CISCO-SA-20150408-NTPD-IOSXE.NASL
description: According to its self-reported version, the IOS XE is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108955
published: 2018-04-10
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108955
title: Cisco IOS XE Software Multiple Vulnerabilities in ntpd (cisco-sa-20150408-ntpd)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2015-202.NASL
description: Multiple vulnerabilities has been found and corrected in ntp : The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (CVE-2015-1798). The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (CVE-2015-1799). The updated packages provides a solution for these security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82737
published: 2015-04-13
reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82737
title: Mandriva Linux Security Advisory : ntp (MDVSA-2015:202)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-192.NASL
description: Brief introduction CVE-2015-1798 When ntpd is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not if there actually is any MAC included. Packets without a MAC are accepted as if they had a valid MAC. This allows a MITM attacker to send false packets that are accepted by the client/peer without having to know the symmetric key. The attacker needs to know the transmit timestamp of the client to match it in the forged reply and the false reply needs to reach the client before the genuine reply from the server. The attacker doesn
last seen: 2020-03-17
modified: 2015-04-13
plugin id: 82715
published: 2015-04-13
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82715
title: Debian DLA-192-1 : ntp security update

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2016-1912-1.NASL
description: NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package. These security issues were fixed :
  - CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065).
  - CVE-2016-4954: Processing spoofed server packets (bsc#982066).
  - CVE-2016-4955: Autokey association reset (bsc#982067).
  - CVE-2016-4956: Broadcast interleave (bsc#982068).
  - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
  - CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459).
  - CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461).
  - CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451).
  - CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464).
  - CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)
  - CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452).
  - CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455).
  - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457).
  - CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458).
  - CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).
  - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
  - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).
  - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).
  - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
  - CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802).
  - CVE-2015-7975: nextvar() missing length check (bsc#962988).
  - CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93186
published: 2016-08-29
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93186
title: SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-0865-1.NASL
description: ntp was updated to fix two security related flaws as well as
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83725
published: 2015-05-20
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83725
title: SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2015:0865-1)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-1459.NASL
description: Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85025
published: 2015-07-28
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85025
title: CentOS 6 : ntp (CESA-2015:1459)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2567-1.NASL
description: Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. (CVE-2015-1798) Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-1799) Juergen Perlinger discovered that NTP incorrectly generated MD5 keys on big-endian platforms. This issue could either cause ntp-keygen to hang, or could result in non-random keys. (CVE number pending). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82765
published: 2015-04-14
reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc.
/ NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82765
title: Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2567-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20150722_NTP_ON_SL6_X.NASL
description: It was found that because NTP
last seen: 2020-03-18
modified: 2015-08-04
plugin id: 85203
published: 2015-08-04
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85203
title: Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20150722)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-520.NASL
description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. (CVE-2015-1798) The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. (CVE-2015-1799) This update also addresses leap-second handling. With older ntp versions, the -x option was sometimes used as a workaround to avoid kernel inserting/deleting leap seconds by stepping the clock and possibly upsetting running applications. That no longer works with 4.2.6 as ntpd steps the clock itself when a leap second occurs. The fix is to treat the one second offset gained during leap second as a normal offset and check the stepping threshold (set by -x or tinker step) to decide if a step should be applied.
See this forum post for more information on the Amazon Linux AMI
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83271
published: 2015-05-07
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83271
title: Amazon Linux AMI : ntp (ALAS-2015-520)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2015-0102.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - reject packets without MAC when authentication is enabled (CVE-2015-1798)
  - protect symmetric associations with symmetric key against DoS attack (CVE-2015-1799)
  - fix generation of MD5 keys with ntp-keygen on big-endian systems (CVE-2015-3405)
  - log when stepping clock for leap second or ignoring it with -x (#1204625)
  - fix typos in ntpd man page (#1194463)
  - validate lengths of values in extension fields (CVE-2014-9297)
  - drop packets with spoofed source address ::1 (CVE-2014-9298)
  - add nanosecond support to SHM refclock (#1117704)
  - allow creating all SHM segments with owner-only access (#1122015)
  - allow symmetric keys up to 32 bytes again (#1053551)
  - fix calculation of root dispersion (#1045376)
  - fix crash in ntpq mreadvar command (#1165141)
  - don
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85143
published: 2015-07-31
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85143
title: OracleVM 3.3 : ntp (OVMSA-2015-0102)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-5761.NASL
description: Security fix for CVE-2015-1799, CVE-2015-1798, #1210324 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-04-23
plugin id: 83008
published: 2015-04-23
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83008
title: Fedora 22 : ntp-4.2.6p5-30.fc22 (2015-5761)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-1459.NASL
description: Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 84951
published: 2015-07-23
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/84951
title: RHEL 6 : ntp (RHSA-2015:1459)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-5830.NASL
description: Security fix for CVE-2015-1799, CVE-2015-1798, #1210324 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-04-29
plugin id: 83121
published: 2015-04-29
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83121
title: Fedora 21 : ntp-4.2.6p5-30.fc21 (2015-5830)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_SECUPD2015-005.NASL
description: The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005.
It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 84489
published: 2015-07-01
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/84489
title: Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1557.NASL
description: According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
  - It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key.(CVE-2015-1798)
  - A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125010
published: 2019-05-14
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125010
title: EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-2231.NASL
description: Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 87143
published: 2015-12-02
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87143
title: CentOS 7 : ntp (CESA-2015:2231)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2015-111-08.NASL
description: New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82921
published: 2015-04-22
reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82921
title: Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2015-111-08)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20151119_NTP_ON_SL7_X.NASL
description: It was found that because NTP
last seen: 2020-03-18
modified: 2015-12-22
plugin id: 87564
published: 2015-12-22
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87564
title: Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2015-330.NASL
description: NTP was updated to fix two security vulnerabilities :
  - ntpd could accept unauthenticated packets with symmetric key crypto. (CVE-2015-1798)
  - ntpd authentication did not protect symmetric associations against DoS attacks (CVE-2015-1799)
last seen: 2020-06-05
modified: 2015-04-28
plugin id: 83105
published: 2015-04-28
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83105
title: openSUSE Security Update : ntp (openSUSE-2015-330)
References
- http://bugs.ntp.org/show_bug.cgi?id=2779
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
- http://www.kb.cert.org/vuls/id/374268
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38276
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
- http://www.securitytracker.com/id/1032032
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:202
- http://www.securityfocus.com/bid/73951
- http://www.debian.org/security/2015/dsa-3223
- http://www.ubuntu.com/usn/USN-2567-1
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10114
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://support.apple.com/kb/HT204942
- http://marc.info/?l=bugtraq&m=143213867103400&w=2
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- https://security.gentoo.org/glsa/201509-01
- http://rhn.redhat.com/errata/RHSA-2015-1459.html