Rapid7 VulnDB

FreeBSD: ntp -- multiple vulnerabilities (FreeBSD-SA-16:16.ntp) (Multiple CVEs)

Back to Search

FreeBSD: ntp -- multiple vulnerabilities (FreeBSD-SA-16:16.ntp) (Multiple CVEs)

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
04/26/2016
Created
07/25/2018
Added
04/28/2016
Modified
03/21/2018

Description

Network Time Foundation reports: NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016: Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering. Reported by Matt Street and others of Cisco ASIG Bug 3012 / CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY. Reported by Matthew Van Gundy of Cisco ASIG Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360 Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360 Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360 Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360 Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos. Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY. Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG. Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken. Reported by Michael Tatarinov, NTP Project Developer Volunteer Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks. Reported by Jonathan Gardner of Cisco ASIG Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing. Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.

Solution(s)

  • freebsd-upgrade-base-10_1-release-p32
  • freebsd-upgrade-base-10_2-release-p15
  • freebsd-upgrade-base-10_3-release-p1
  • freebsd-upgrade-base-9_3-release-p40
  • freebsd-upgrade-package-ntp
  • freebsd-upgrade-package-ntp-devel

References

  • freebsd-upgrade-base-10_1-release-p32
  • freebsd-upgrade-base-10_2-release-p15
  • freebsd-upgrade-base-10_3-release-p1
  • freebsd-upgrade-base-9_3-release-p40
  • freebsd-upgrade-package-ntp
  • freebsd-upgrade-package-ntp-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;