Rapid7 Vulnerability & Exploit Database

RHSA-2015:2231: ntp security, bug fix, and enhancement update

Back to Search

RHSA-2015:2231: ntp security, bug fix, and enhancement update



The Network Time Protocol (NTP) is used to synchronize a computer's timewith another referenced time source. These packages include the ntpdservice which continuously adjusts system time and utilities used to queryand configure the ntpd service.It was found that because NTP's access control was based on a source IPaddress, an attacker could bypass source IP restrictions and sendmalicious control and configuration packets by spoofing ::1 addresses.(CVE-2014-9298, CVE-2014-9751)A denial of service flaw was found in the way NTP hosts that were peeringwith each other authenticated themselves before updating their internalstate variables. An attacker could send packets to one peer host, whichcould cascade to other peers, and stop the synchronization process amongthe reached peers. (CVE-2015-1799)A flaw was found in the way the ntp-keygen utility generated MD5 symmetrickeys on big-endian systems. An attacker could possibly use this flaw toguess generated MD5 keys, which could then be used to spoof an NTP clientor server. (CVE-2015-3405)A stack-based buffer overflow was found in the way the NTP autokey protocolwas implemented. When an NTP client decrypted a secret received from an NTPserver, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)It was found that ntpd did not check whether a Message Authentication Code(MAC) was present in a received packet when ntpd was configured to usesymmetric cryptographic keys. A man-in-the-middle attacker could use thisflaw to send crafted packets that would be accepted by a client or a peerwithout the attacker knowing the symmetric key. (CVE-2015-1798)The CVE-2015-1798 and CVE-2015-1799 issues were discovered by MiroslavLichvár of Red Hat.Bug fixes:Enhancements:All ntp users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues and add theseenhancements.


  • redhat-upgrade-ntp
  • redhat-upgrade-ntp-debuginfo
  • redhat-upgrade-ntp-doc
  • redhat-upgrade-ntp-perl
  • redhat-upgrade-ntpdate
  • redhat-upgrade-sntp

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center