5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
0.097 Low
EPSS
Percentile
94.8%
Issue Overview:
It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. (CVE-2015-8138)
A NULL pointer dereference flaw was found in the way ntpd processed ‘ntpdc reslist’ commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. (CVE-2015-7977)
It was found that NTP does not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key. (CVE-2015-7974)
A stack-based buffer overflow was found in the way ntpd processed ‘ntpdc reslist’ commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. (CVE-2015-7978)
It was found that when NTP is configured in broadcast mode, an off-path attacker could broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server. This could cause the time on affected clients to become out of sync over a longer period of time. (CVE-2015-7979)
A flaw was found in the way the ntpq client certain processed incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)
A flaw was found in ntpd that allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. (CVE-2016-4953)
(Updated 2016-10-18: CVE-2016-4953 was fixed in this release but was not previously part of this errata.)
Affected Packages:
ntp
Issue Correction:
Run yum update ntp to update your system.
New Packages:
i686:
ntp-4.2.6p5-36.29.amzn1.i686
ntpdate-4.2.6p5-36.29.amzn1.i686
ntp-debuginfo-4.2.6p5-36.29.amzn1.i686
noarch:
ntp-doc-4.2.6p5-36.29.amzn1.noarch
ntp-perl-4.2.6p5-36.29.amzn1.noarch
src:
ntp-4.2.6p5-36.29.amzn1.src
x86_64:
ntpdate-4.2.6p5-36.29.amzn1.x86_64
ntp-4.2.6p5-36.29.amzn1.x86_64
ntp-debuginfo-4.2.6p5-36.29.amzn1.x86_64
Red Hat: CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-4953
Mitre: CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-4953
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | ntp | < 4.2.6p5-36.29.amzn1 | ntp-4.2.6p5-36.29.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | ntpdate | < 4.2.6p5-36.29.amzn1 | ntpdate-4.2.6p5-36.29.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | ntp-debuginfo | < 4.2.6p5-36.29.amzn1 | ntp-debuginfo-4.2.6p5-36.29.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | ntp-doc | < 4.2.6p5-36.29.amzn1 | ntp-doc-4.2.6p5-36.29.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | ntp-perl | < 4.2.6p5-36.29.amzn1 | ntp-perl-4.2.6p5-36.29.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | ntpdate | < 4.2.6p5-36.29.amzn1 | ntpdate-4.2.6p5-36.29.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | ntp | < 4.2.6p5-36.29.amzn1 | ntp-4.2.6p5-36.29.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | ntp-debuginfo | < 4.2.6p5-36.29.amzn1 | ntp-debuginfo-4.2.6p5-36.29.amzn1.x86_64.rpm |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
0.097 Low
EPSS
Percentile
94.8%