vulnerability
Ubuntu: USN-3096-1 (CVE-2015-7974): NTP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Jan 26, 2016 | Oct 7, 2016 | Apr 14, 2025 |
Description
Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to perform a replay
attack. (CVE-2015-7973)
Matt Street discovered that NTP incorrectly verified peer associations of
symmetric keys. A remote attacker could use this issue to perform an
impersonation attack. (CVE-2015-7974)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled
memory. An attacker could possibly use this issue to cause ntpq to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2015-7975)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled
dangerous characters in filenames. An attacker could possibly use this
issue to overwrite arbitrary files. (CVE-2015-7976)
Stephen Gray discovered that NTP incorrectly handled large restrict lists.
An attacker could use this issue to cause NTP to crash, resulting in a
denial of service. (CVE-2015-7977, CVE-2015-7978)
Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to cause NTP to
crash, resulting in a denial of service. (CVE-2015-7979)
Jonathan Gardner discovered that NTP incorrectly handled origin timestamp
checks. A remote attacker could use this issue to spoof peer servers.
(CVE-2015-8138)
Jonathan Gardner discovered that the NTP ntpq utility did not properly
handle certain incorrect values. An attacker could possibly use this issue
to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)
It was discovered that the NTP cronjob incorrectly cleaned up the
statistics directory. A local attacker could possibly use this to escalate
privileges. (CVE-2016-0727)
Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly
validated crypto-NAKs. A remote attacker could possibly use this issue to
prevent clients from synchronizing. (CVE-2016-1547)
Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly
handled switching to interleaved symmetric mode. A remote attacker could
possibly use this issue to prevent clients from synchronizing.
(CVE-2016-1548)
Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that
NTP incorrectly handled message authentication. A remote attacker could
possibly use this issue to recover the message digest key. (CVE-2016-1550)
Yihan Lian discovered that NTP incorrectly handled duplicate IPs on
unconfig directives. An authenticated remote attacker could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2016-2516)
Yihan Lian discovered that NTP incorrectly handled certail peer
associations. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. (CVE-2016-2518)
Jakub Prokes discovered that NTP incorrectly handled certain spoofed
packets. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-4954)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets
when autokey is enabled. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-4955)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
broadcast packets. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-4956)
In the default installation, attackers would be isolated by the NTP
AppArmor profile.
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.