exploit the possibilities

Ubuntu Security Notice USN-3096-1

Ubuntu Security Notice USN-3096-1
Posted Oct 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3096-1 - Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-0727, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956
MD5 | 9b3aea2f08c5b95113b7d617304a06df

Ubuntu Security Notice USN-3096-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-3096-1
October 05, 2016

ntp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in NTP.

Software Description:
- ntp: Network Time Protocol daemon and utility programs

Details:

Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to perform a replay
attack. (CVE-2015-7973)

Matt Street discovered that NTP incorrectly verified peer associations of
symmetric keys. A remote attacker could use this issue to perform an
impersonation attack. (CVE-2015-7974)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled
memory. An attacker could possibly use this issue to cause ntpq to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2015-7975)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled
dangerous characters in filenames. An attacker could possibly use this
issue to overwrite arbitrary files. (CVE-2015-7976)

Stephen Gray discovered that NTP incorrectly handled large restrict lists.
An attacker could use this issue to cause NTP to crash, resulting in a
denial of service. (CVE-2015-7977, CVE-2015-7978)

Aanchal Malhotra discovered that NTP incorrectly handled authenticated
broadcast mode. A remote attacker could use this issue to cause NTP to
crash, resulting in a denial of service. (CVE-2015-7979)

Jonathan Gardner discovered that NTP incorrectly handled origin timestamp
checks. A remote attacker could use this issue to spoof peer servers.
(CVE-2015-8138)

Jonathan Gardner discovered that the NTP ntpq utility did not properly
handle certain incorrect values. An attacker could possibly use this issue
to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)

It was discovered that the NTP cronjob incorrectly cleaned up the
statistics directory. A local attacker could possibly use this to escalate
privileges. (CVE-2016-0727)

Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly
validated crypto-NAKs. A remote attacker could possibly use this issue to
prevent clients from synchronizing. (CVE-2016-1547)

Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly
handled switching to interleaved symmetric mode. A remote attacker could
possibly use this issue to prevent clients from synchronizing.
(CVE-2016-1548)

Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that
NTP incorrectly handled message authentication. A remote attacker could
possibly use this issue to recover the message digest key. (CVE-2016-1550)

Yihan Lian discovered that NTP incorrectly handled duplicate IPs on
unconfig directives. An authenticated remote attacker could possibly use
this issue to cause NTP to crash, resulting in a denial of service.
(CVE-2016-2516)

Yihan Lian discovered that NTP incorrectly handled certail peer
associations. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. (CVE-2016-2518)

Jakub Prokes discovered that NTP incorrectly handled certain spoofed
packets. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-4954)

Miroslav Lichvar discovered that NTP incorrectly handled certain packets
when autokey is enabled. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-4955)

Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
broadcast packets. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-4956)

In the default installation, attackers would be isolated by the NTP
AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
ntp 1:4.2.8p4+dfsg-3ubuntu5.3

Ubuntu 14.04 LTS:
ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Ubuntu 12.04 LTS:
ntp 1:4.2.6.p3+dfsg-1ubuntu3.11

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3096-1
CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976,
CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138,
CVE-2015-8158, CVE-2016-0727, CVE-2016-1547, CVE-2016-1548,
CVE-2016-1550, CVE-2016-2516, CVE-2016-2518, CVE-2016-4954,
CVE-2016-4955, CVE-2016-4956

Package Information:
https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11


Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close