Rapid7 Vulnerability & Exploit Database

Amazon Linux AMI: Security patch for ntp (ALAS-2015-593) (multiple CVEs)

Back to Search

Amazon Linux AMI: Security patch for ntp (ALAS-2015-593) (multiple CVEs)

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published
09/03/2015
Created
07/25/2018
Added
09/03/2015
Modified
03/21/2018

Description

As discussed upstream, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. (CVE-2015-5146 )

It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-7703 )

It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194 )

It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command. (CVE-2015-5195 )

It was discovered that sntp would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. (CVE-2015-5219 )

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405 )

Solution(s)

  • amazon-linux-upgrade-ntp
  • amazon-linux-upgrade-ntp-debuginfo
  • amazon-linux-upgrade-ntp-doc
  • amazon-linux-upgrade-ntp-perl
  • amazon-linux-upgrade-ntpdate

References

  • amazon-linux-upgrade-ntp
  • amazon-linux-upgrade-ntp-debuginfo
  • amazon-linux-upgrade-ntp-doc
  • amazon-linux-upgrade-ntp-perl
  • amazon-linux-upgrade-ntpdate

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;