ELSA-2015-2231 Moderate: Oracle Linux ntp security, bug fix, and enhancement update

Back to Search

ELSA-2015-2231 Moderate: Oracle Linux ntp security, bug fix, and enhancement update

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

04/08/2015

Created

07/25/2018

Added

11/24/2015

Modified

04/11/2019

Description

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Solution(s)

oracle-linux-upgrade-ntp
oracle-linux-upgrade-ntp-doc
oracle-linux-upgrade-ntp-perl
oracle-linux-upgrade-ntpdate
oracle-linux-upgrade-sntp

Related Vulnerabilities

APPLE-SA-2015-06-30-2
72583
72584
73950
73951
74045
77280
77312
374268
718152
852879
CVE - 2014-9750
CVE - 2014-9751
CVE - 2015-1798
CVE - 2015-1799
CVE - 2015-3405
CVE - 2015-5300
CVE - 2015-7704
DSA-3222
DSA-3223
DSA-3388
Category I
2017-A-0028
RHSA-2015:1459
RHSA-2015:1930
RHSA-2015:2231
RHSA-2015:2520
http://oss.oracle.com/pipermail/el-errata/2015-November/005572.html

References

oracle-linux-upgrade-ntp
oracle-linux-upgrade-ntp-doc
oracle-linux-upgrade-ntp-perl
oracle-linux-upgrade-ntpdate
oracle-linux-upgrade-sntp

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 VulnDB

ELSA-2015-2231 Moderate: Oracle Linux ntp security, bug fix, and enhancement update