5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.86 High
EPSS
Percentile
98.6%
Updated ntp packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 and 6.6 Extended Update Support.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer’s time with a referenced time source.
It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client’s polling interval value, and effectively disable synchronization with the server. (CVE-2015-7704)
Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg of Boston University for reporting this issue.
All ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:2520. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(87101);
script_version("2.16");
script_cvs_date("Date: 2019/10/24 15:35:40");
script_cve_id("CVE-2015-7704");
script_xref(name:"RHSA", value:"2015:2520");
script_name(english:"RHEL 6 : ntp (RHSA-2015:2520)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated ntp packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.5 and 6.6 Extended Update Support.
Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's
time with a referenced time source.
It was discovered that ntpd as a client did not correctly check
timestamps in Kiss-of-Death packets. A remote attacker could use this
flaw to send a crafted Kiss-of-Death packet to an ntpd client that
would increase the client's polling interval value, and effectively
disable synchronization with the server. (CVE-2015-7704)
Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and
Sharon Goldberg of Boston University for reporting this issue.
All ntp users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2015:2520"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2015-7704"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ntp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ntp-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ntp-perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ntpdate");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/07");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(6\.5|6\.6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.5 / 6.6", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2015:2520";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{ sp = get_kb_item("Host/RedHat/minor_release");
if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
flag = 0;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ntp-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"ntp-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ntp-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ntp-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ntp-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ntp-debuginfo-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"ntp-debuginfo-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ntp-debuginfo-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"ntp-debuginfo-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ntp-debuginfo-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ntp-debuginfo-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", reference:"ntp-doc-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", reference:"ntp-doc-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ntp-perl-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ntp-perl-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"ntp-perl-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ntp-perl-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ntp-perl-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ntpdate-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"ntpdate-4.2.6p5-2.el6_5.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ntpdate-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ntpdate-4.2.6p5-3.el6_6.1")) flag++;
if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ntpdate-4.2.6p5-2.el6_5.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate");
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | ntp | p-cpe:/a:redhat:enterprise_linux:ntp |
redhat | enterprise_linux | ntp-debuginfo | p-cpe:/a:redhat:enterprise_linux:ntp-debuginfo |
redhat | enterprise_linux | ntp-doc | p-cpe:/a:redhat:enterprise_linux:ntp-doc |
redhat | enterprise_linux | ntp-perl | p-cpe:/a:redhat:enterprise_linux:ntp-perl |
redhat | enterprise_linux | ntpdate | p-cpe:/a:redhat:enterprise_linux:ntpdate |
redhat | enterprise_linux | 6.5 | cpe:/o:redhat:enterprise_linux:6.5 |
redhat | enterprise_linux | 6.6 | cpe:/o:redhat:enterprise_linux:6.6 |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.86 High
EPSS
Percentile
98.6%