Vulnerability Note VU#321640

NTP.org ntpd is vulnerable to denial of service and other vulnerabilities

Original Release date: 02 Jun 2016 | Last revised: 06 Jun 2016

Overview

NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.

Description

NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below.

CRYPTO-NAK denial of service introduced in Sec 3007 patch. See Sec 3046, CVE-2016-4957. The CVSS score below describes this vulnerability.

Bad authentication demobilizes ephemeral associations. See Sec 3045, CVE-2016-4953.

Processing of spoofed server packets affects peer variables. See Sec 3044, CVE-2016-4954.

Autokey associations may be reset when repeatedly receiving spoofed packets. See Sec 3043, CVE-2016-4955.

Broadcast associations are not covered in Sec 2978 patch, which may be leveraged to flip broadcast clients into interleave mode. See Sec 3042, CVE-2016-4956.

Impact

Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.

Solution

Apply an update

The vendor has released version 4.2.8p8 to address these issues. Users are encouraged to update to the latest release. Those unable to update should consider mitigations listed in NTP's security advisory listing.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
FreeBSD ProjectAffected27 May 201606 Jun 2016
NTP ProjectAffected25 May 201602 Jun 2016
ACCESSUnknown27 May 201627 May 2016
Alcatel-LucentUnknown27 May 201627 May 2016
AppleUnknown27 May 201627 May 2016
Arista Networks, Inc.Unknown27 May 201627 May 2016
Aruba NetworksUnknown27 May 201627 May 2016
AT&TUnknown27 May 201627 May 2016
Avaya, Inc.Unknown27 May 201627 May 2016
Belkin, Inc.Unknown27 May 201627 May 2016
Blue Coat SystemsUnknown27 May 201627 May 2016
CA TechnologiesUnknown27 May 201627 May 2016
CentOSUnknown27 May 201627 May 2016
Check Point Software TechnologiesUnknown27 May 201627 May 2016
CiscoUnknown27 May 201627 May 2016
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal 6.4 E:F/RL:OF/RC:C
Environmental 6.4 CDP:N/TD:H/CR:ND/IR:ND/AR:ND

References

Credit

The NTP Project credits Nicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.

This document was written by Joel Land.

Other Information

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.