Vulnerabilities > CVE-2016-4956

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
network
low complexity
ntp
oracle
novell
suse
opensuse
siemens
nessus

Summary

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

Vulnerable Configurations

Part Description Count
Application
Ntp
812
Application
Suse
2
OS
Oracle
2
OS
Novell
1
OS
Suse
5
OS
Opensuse
2
OS
Siemens
1
Hardware
Siemens
1

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-89E0874533.NASL
    descriptionSecurity fix for CVE-2015-8139, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92265
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92265
    titleFedora 23 : ntp (2016-89e0874533)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-89e0874533.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92265);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-8139", "CVE-2016-4954", "CVE-2016-4955", "CVE-2016-4956");
      script_xref(name:"FEDORA", value:"2016-89e0874533");
    
      script_name(english:"Fedora 23 : ntp (2016-89e0874533)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2015-8139, CVE-2016-4954, CVE-2016-4955,
    CVE-2016-4956
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ntp package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ntp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"ntp-4.2.6p5-41.fc23")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
    }
    
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL64505405.NASL
    descriptionntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. (CVE-2016-4956)
    last seen2020-06-01
    modified2020-06-02
    plugin id95967
    published2016-12-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95967
    titleF5 Networks BIG-IP : NTP vulnerability (K64505405)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K64505405.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95967);
      script_version("3.7");
      script_cvs_date("Date: 2019/01/04 10:03:40");
    
      script_cve_id("CVE-2016-1548", "CVE-2016-4956");
    
      script_name(english:"F5 Networks BIG-IP : NTP vulnerability (K64505405)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a
    denial of service (interleaved-mode transition and time change) via a
    spoofed broadcast packet. NOTE: this vulnerability exists because of
    an incomplete fix for CVE-2016-1548. (CVE-2016-4956)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K64505405"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K64505405."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K64505405";
    vmatrix = make_array();
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1");
    vmatrix["AFM"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1");
    vmatrix["AM"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["APM"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["ASM"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1");
    vmatrix["AVR"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["GTM"]["unaffected"] = make_list("11.6.1HF2");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["LC"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["LTM"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1");
    vmatrix["PEM"]["unaffected"] = make_list("12.1.2","11.6.1HF2");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1125.NASL
    descriptionAccording to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.(CVE-2015-8139) - NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.(CVE-2016-2516) - The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.(CVE-2016-4954) - ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.(CVE-2016-4955) - ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.(CVE-2016-4956) - Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.(CVE-2017-6462) - NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.(CVE-2017-6463) - NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.(CVE-2017-6464) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-07-10
    plugin id101311
    published2017-07-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101311
    titleEulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1125)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101311);
      script_version("3.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2015-8139",
        "CVE-2016-2516",
        "CVE-2016-4954",
        "CVE-2016-4955",
        "CVE-2016-4956",
        "CVE-2017-6462",
        "CVE-2017-6463",
        "CVE-2017-6464"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1125)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ntp packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - ntpq in NTP before 4.2.8p7 allows remote attackers to
        obtain origin timestamps and then impersonate peers via
        unspecified vectors.(CVE-2015-8139)
    
      - NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7
        is enabled, allows remote attackers to cause a denial
        of service (ntpd abort) by using the same IP address
        multiple times in an unconfig directive.(CVE-2016-2516)
    
      - The process_packet function in ntp_proto.c in ntpd in
        NTP 4.x before 4.2.8p8 allows remote attackers to cause
        a denial of service (peer-variable modification) by
        sending spoofed packets from many source IP addresses
        in a certain scenario, as demonstrated by triggering an
        incorrect leap indication.(CVE-2016-4954)
    
      - ntpd in NTP 4.x before 4.2.8p8, when autokey is
        enabled, allows remote attackers to cause a denial of
        service (peer-variable clearing and association outage)
        by sending (1) a spoofed crypto-NAK packet or (2) a
        packet with an incorrect MAC value at a certain
        time.(CVE-2016-4955)
    
      - ntpd in NTP 4.x before 4.2.8p8 allows remote attackers
        to cause a denial of service (interleaved-mode
        transition and time change) via a spoofed broadcast
        packet. NOTE: this vulnerability exists because of an
        incomplete fix for CVE-2016-1548.(CVE-2016-4956)
    
      - Buffer overflow in the legacy Datum Programmable Time
        Server (DPTS) refclock driver in NTP before 4.2.8p10
        and 4.3.x before 4.3.94 allows local users to have
        unspecified impact via a crafted /dev/datum
        device.(CVE-2017-6462)
    
      - NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows
        remote authenticated users to cause a denial of service
        (daemon crash) via an invalid setting in a :config
        directive, related to the unpeer option.(CVE-2017-6463)
    
      - NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows
        remote attackers to cause a denial of service (ntpd
        crash) via a malformed mode configuration
        directive.(CVE-2017-6464)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1125
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?319f2a38");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ntp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntpdate");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ntp-4.2.6p5-25.0.1.h6",
            "ntpdate-4.2.6p5-25.0.1.h6"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1124.NASL
    descriptionAccording to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.i1/4^CVE-2015-8139i1/4%0 - NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.i1/4^CVE-2016-2516i1/4%0 - The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.i1/4^CVE-2016-4954i1/4%0 - ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.i1/4^CVE-2016-4955i1/4%0 - ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.i1/4^CVE-2016-4956i1/4%0 - Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.i1/4^CVE-2017-6462i1/4%0 - NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.i1/4^CVE-2017-6463i1/4%0 - NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.i1/4^CVE-2017-6464i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-07-10
    plugin id101310
    published2017-07-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101310
    titleEulerOS 2.0 SP1 : ntp (EulerOS-SA-2017-1124)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-727.NASL
    descriptionntp was updated to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed : - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - bsc#981422: Don
    last seen2020-06-05
    modified2016-06-16
    plugin id91630
    published2016-06-16
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91630
    titleopenSUSE Security Update : ntp (openSUSE-2016-727)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201607-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201607-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id92485
    published2016-07-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92485
    titleGLSA-201607-15 : NTP: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1568-1.NASL
    descriptionntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed : - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). - CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id91663
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91663
    titleSUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-750.NASL
    descriptionntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed : - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don
    last seen2020-06-05
    modified2016-06-21
    plugin id91721
    published2016-06-21
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91721
    titleopenSUSE Security Update : ntp (openSUSE-2016-750)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-50B0066B7F.NASL
    descriptionSecurity fix for CVE-2015-8139, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92095
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92095
    titleFedora 24 : ntp (2016-50b0066b7f)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-155-01.NASL
    descriptionNew ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91462
    published2016-06-06
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91462
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-155-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1602-1.NASL
    descriptionntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93153
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93153
    titleSUSE SLES11 Security Update : ntp (SUSE-SU-2016:1602-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1563-1.NASL
    descriptionntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91662
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91662
    titleSUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1563-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1912-1.NASL
    descriptionNTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package. These security issues were fixed : CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065). CVE-2016-4954: Processing spoofed server packets (bsc#982066). CVE-2016-4955: Autokey association reset (bsc#982067). CVE-2016-4956: Broadcast interleave (bsc#982068). CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459). CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461). CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451). CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464). CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452). CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455). CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966). CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802). CVE-2015-7975: nextvar() missing length check (bsc#962988). CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id93186
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93186
    titleSUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7CFCEA05600A11E6A6C314DAE9D210B8.NASL
    descriptionMultiple vulnerabilities have been discovered in the NTP suite : The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco] An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association. [CVE-2016-4953, Reported by Miroslav Lichvar of Red Hat] An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the target machine can affect some peer variables and, for example, cause a false leap indication to be set. [CVE-2016-4954, Reported by Jakub Prokes of Red Hat] An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a CRYPTO_NAK or a bad MAC and cause the association
    last seen2020-06-01
    modified2020-06-02
    plugin id92927
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92927
    titleFreeBSD : FreeBSD -- Multiple ntp vulnerabilities (7cfcea05-600a-11e6-a6c3-14dae9d210b8)
  • NASL familyMisc.
    NASL idNTP_4_2_8P8.NASL
    descriptionThe version of the remote NTP server is 4.x prior to 4.2.8p8 or 4.3.x prior to 4.3.93. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when handling authentication due to improper packet timestamp checks. An unauthenticated, remote attacker can exploit this, via a specially crafted and spoofed packet, to demobilize the ephemeral associations. (CVE-2016-4953) - A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to affect peer variables (e.g., cause leap indications to be set). Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4954) - A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to reset autokey associations. Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4955) - A flaw exists when handling broadcast associations that allows an unauthenticated, remote attacker to cause a broadcast client to change into interleave mode. (CVE-2016-4956) - A denial of service vulnerability exists when handling CRYPTO_NAK packets that allows an unauthenticated, remote attacker to cause a crash. Note that this issue only affects versions 4.2.8p7 and 4.3.92. (CVE-2016-4957)
    last seen2020-04-30
    modified2016-06-08
    plugin id91515
    published2016-06-08
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91515
    titleNetwork Time Protocol Daemon (ntpd) 4.x < 4.2.8p8 / 4.3.x < 4.3.93 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1584-1.NASL
    descriptionntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed : - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91666
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91666
    titleSUSE SLES11 Security Update : ntp (SUSE-SU-2016:1584-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-C3BD6A3496.NASL
    descriptionSecurity fix for CVE-2015-8139, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92288
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92288
    titleFedora 22 : ntp (2016-c3bd6a3496)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3096-1.NASL
    descriptionAanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973) Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975) Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976) Stephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978) Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979) Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138) Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158) It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727) Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547) Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548) Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550) Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516) Yihan Lian discovered that NTP incorrectly handled certail peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518) Jakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954) Miroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955) Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956) In the default installation, attackers would be isolated by the NTP AppArmor profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93896
    published2016-10-06
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93896
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : ntp vulnerabilities (USN-3096-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1556.NASL
    descriptionAccording to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in the NTP server
    last seen2020-06-01
    modified2020-06-02
    plugin id125009
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125009
    titleEulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-727.NASL
    descriptionIt was discovered that ntpq and ntpdc disclosed the origin timestamp to unauthenticated clients, which could permit such clients to forge the server
    last seen2020-06-01
    modified2020-06-02
    plugin id92662
    published2016-08-02
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92662
    titleAmazon Linux AMI : ntp (ALAS-2016-727)

References