Amazon Linux AMI: Security patch for ntp (ALAS-2015-607) (multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | October 29, 2015 | October 29, 2015 | March 21, 2018 |
Available Exploits 
Description
It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. (CVE-2015-7704 )
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value. (CVE-2015-5300 )
It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. (CVE-2015-7691 , CVE-2015-7692 , CVE-2015-7702 )
A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffer overflow potentially resulting in null byte being written out of bounds. (CVE-2015-7852 )
A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701 )
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
amazon-linux-upgrade-ntpRelated Vulnerabilities
- RHSA-2016:0780: ntp security and bug fix update
- IBM AIX: ntp_advisory5 (CVE-2015-5300): Vulnerability in NTPv4 affects AIX
- Oracle Solaris 11: CVE-2015-7691: Vulnerability in NTP
- Gentoo Linux: CVE-2015-7704: NTP: Multiple vulnerabilities
- Cisco SAN-OS: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 (Multiple CVEs)
- IBM AIX: ntp_advisory4 (CVE-2015-7692): Network Time Protocol (NTP) vulnerability in AIX
- Gentoo Linux: CVE-2015-7702: NTP: Multiple vulnerabilities
- Cisco IOS: cisco-sa-20151021-ntp: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
- Gentoo Linux: CVE-2015-7691: NTP: Multiple vulnerabilities
- FreeBSD: ntp -- denial of service vulnerability (FreeBSD-SA-16:02.ntp) (CVE-2015-5300)
- FreeBSD: ntp -- multiple vulnerabilities (FreeBSD-SA-16:16.ntp) (Multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- Gentoo Linux: CVE-2015-7701: NTP: Multiple vulnerabilities
- Gentoo Linux: CVE-2015-7852: NTP: Multiple vulnerabilities
- ELSA-2015-1930 Important: Oracle Linux ntp security update
- Huawei EulerOS: CVE-2015-7701: ntp security update
- Huawei EulerOS: CVE-2015-7702: ntp security update
- Oracle Solaris 11: CVE-2015-5300: Vulnerability in NTP
- Gentoo Linux: CVE-2015-7871: Xen: Multiple vulnerabilities
- FreeBSD: ntp -- 13 low- and medium-severity vulnerabilities (FreeBSD-SA-15:25.ntp) (Multiple CVEs)
- IBM AIX: ntp_advisory4 (CVE-2015-7691): Network Time Protocol (NTP) vulnerability in AIX
- RHSA-2015:1930: ntp security update
- IBM AIX: ntp_advisory4 (CVE-2015-7702): Network Time Protocol (NTP) vulnerability in AIX
- Oracle Solaris 11: CVE-2015-7701: Vulnerability in NTP
- Huawei EulerOS: CVE-2015-7691: ntp security update
- Oracle Solaris 11: CVE-2015-7692: Vulnerability in NTP
- Cisco NX-OS: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 (Multiple CVEs)
- Cisco NX-OS: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 (Multiple CVEs)
- Oracle Solaris 11: CVE-2015-7702: Vulnerability in NTP
- Huawei EulerOS: CVE-2015-7852: ntp security update
- RHSA-2015:2520: ntp security update
- IBM AIX: ntp_advisory4 (CVE-2015-7701): Network Time Protocol (NTP) vulnerability in AIX
- Oracle Solaris 11: CVE-2015-7871: Vulnerability in NTP
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- ELSA-2015-2231 Moderate: Oracle Linux ntp security, bug fix, and enhancement update
- Oracle Solaris 11: CVE-2015-7704: Vulnerability in NTP
- Huawei EulerOS: CVE-2015-7692: ntp security update
- Oracle Solaris 11: CVE-2015-7852: Vulnerability in NTP
- Gentoo Linux: CVE-2015-7692: NTP: Multiple vulnerabilities