NTP through 4.2.8p12 has a NULL Pointer Dereference.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4563-2 advisory.

    USN-4563-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 20.04     LTS and Ubuntu 20.10.



Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11115 advisory.

  - NTP through 4.2.8p12 has a NULL Pointer Dereference. (CVE-2019-8936)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4563-1 advisory.

    It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An     attacker could use this vulnerability to cause a denial of service (crash).

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - NTP through 4.2.8p12 has a NULL Pointer     Dereference.(CVE-2019-8936)

  - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets     before updating the 'received' timestamp, which allows     remote attackers to cause a denial of service     (disruption) by sending a packet with a zero-origin     timestamp causing the association to reset and setting     the contents of the packet as the most recent     timestamp. This issue is a result of an incomplete fix     for CVE-2015-7704.(CVE-2018-7184)

  - Buffer overflow in the decodearr function in ntpq in     ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to     execute arbitrary code by leveraging an ntpq query and     sending a response with a crafted array.(CVE-2018-7183)

  - NTP before 4.2.8p6 and 4.3.x before 4.3.90, when     configured in broadcast mode, allows man-in-the-middle     attackers to conduct replay attacks by sniffing the     network.(CVE-2015-7973)

  - ntpd in ntp before 4.2.8p3 with remote configuration     enabled allows remote authenticated users with     knowledge of the configuration password and access to a     computer entrusted to perform remote configuration to     cause a denial of service (service crash) via a NULL     byte in a crafted configuration directive     packet.(CVE-2015-5146)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The Network Time Protocol (NTP) is used to synchronize     a computer's time with another reference time source.
    This package includes ntpd (a daemon which continuously     adjusts system time) and utilities used to query and     configure the ntpd daemon. Perl scripts ntp-wait and     ntptrace are in the ntp-perl package, ntpdate is in the     ntpdate package and sntp is in the sntp package. The     documentation is in the ntp-doc package. Security     Fix(es):NTP through 4.2.8p12 has a NULL Pointer     Dereference.(CVE-2019-8936)Buffer overflow in the     legacy Datum Programmable Time Server (DPTS) refclock     driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94     allows local users to have unspecified impact via a     crafted /dev/datum device.(CVE-2017-6462)NTP before     4.2.8p10 and 4.3.x before 4.3.94 allows remote     attackers to cause a denial of service (ntpd crash) via     a malformed mode configuration     directive.(CVE-2017-6464)NTP before 4.2.8p10 and 4.3.x     before 4.3.94 allows remote authenticated users to     cause a denial of service (daemon crash) via an invalid     setting in a :config directive, related to the unpeer     option.(CVE-2017-6463)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - NTP through 4.2.8p12 has a NULL Pointer     Dereference.(CVE-2019-8936)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the ntp package has been released.

NTP has a NULL pointer dereference attack in an authenticated mode 6 packet. (CVE-2019-8936)

According to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - NTP through 4.2.8p12 has a NULL Pointer     Dereference.i1/4^CVE-2019-8936i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2019-8936

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ntp fixes the following issues :

Security issue fixed: &#9; 

  - CVE-2019-8936: Fixed a NULL pointer exception which     could allow an authenticated attcker to cause     segmentation fault to ntpd (bsc#1128525).

Other isses addressed :

  - Fixed an issue which caused openSSL mismatch     (bsc#1125401)

  - Fixed several bugs in the BANCOMM reclock driver.

  - Fixed ntp_loopfilter.c snprintf compilation warnings.

  - Fixed spurious initgroups() error message.

  - Fixed STA_NANO struct timex units.

  - Fixed GPS week rollover in libparse.

  - Fixed incorrect poll interval in packet.

  - Added a missing check for ENABLE_CMAC.

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This update for ntp fixes the following issues :

Security issue fixed: &#9; 

  - CVE-2019-8936: Fixed a NULL pointer exception which     could allow an authenticated attcker to cause     segmentation fault to ntpd (bsc#1128525).

Other issues addressed :

  - Fixed several bugs in the BANCOMM reclock driver.

  - Fixed ntp_loopfilter.c snprintf compilation warnings.

  - Fixed spurious initgroups() error message.

  - Fixed STA_NANO struct timex units.

  - Fixed GPS week rollover in libparse.

  - Fixed incorrect poll interval in packet.

  - Added a missing check for ENABLE_CMAC.

This update was imported from the SUSE:SLE-15:Update update project.

This update for ntp fixes the following issues :

Security issue fixed :

CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525).

Other isses addressed: Fixed an issue which caused openSSL mismatch (bsc#1125401)

Fixed several bugs in the BANCOMM reclock driver.

Fixed ntp_loopfilter.c snprintf compilation warnings.

Fixed spurious initgroups() error message.

Fixed STA_NANO struct timex units.

Fixed GPS week rollover in libparse.

Fixed incorrect poll interval in packet.

Added a missing check for ENABLE_CMAC.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ntp fixes the following issues :

Security issue fixed :

CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525).

Other issues addressed: Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182).

Fixed several bugs in the BANCOMM reclock driver.

Fixed ntp_loopfilter.c snprintf compilation warnings.

Fixed spurious initgroups() error message.

Fixed STA_NANO struct timex units.

Fixed GPS week rollover in libparse.

Fixed incorrect poll interval in packet.

Added a missing check for ENABLE_CMAC.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ntp fixes the following issues :

Security issue fixed :

CVE-2019-8936: Fixed a NULL pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525).

Other issues addressed: Fixed several bugs in the BANCOMM reclock driver.

Fixed ntp_loopfilter.c snprintf compilation warnings.

Fixed spurious initgroups() error message.

Fixed STA_NANO struct timex units.

Fixed GPS week rollover in libparse.

Fixed incorrect poll interval in packet.

Added a missing check for ENABLE_CMAC.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in NTP. Please review the       CVE identifiers referenced below for details.
  Impact :

    An attacker could cause a Denial of Service condition, escalate       privileges, or remotely execute arbitrary code.
  Workaround :

    There is no known workaround at this time.

The version of the remote NTP server is 4.x prior to 4.2.8p13, or is 4.3.x prior to 4.3.94. It is, therefore, affected by a denial of service vulnerability due to a flaw in handling authenticated mode 6 traffic. An authenticated attacker can exploit this issue to cause application crashes.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix a security issue.

Network Time Foundation reports :

A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd.

Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization.

Impact: The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service.

Mitigation :

- Use restrict noquery to limit addresses that can send mode 6 queries.

- Limit access to the private controlkey in ntp.keys.

- Upgrade to 4.2.8p13, or later.

ID	Name	Product	Family	Severity
148842	Ubuntu 20.04 LTS : NTP vulnerability (USN-4563-2)	Nessus	Ubuntu Local Security Checks	high
148664	Juniper Junos OS Vulnerability (JSA11115)	Nessus	Junos Local Security Checks	high
141110	Ubuntu 18.04 LTS : NTP vulnerability (USN-4563-1)	Nessus	Ubuntu Local Security Checks	high
135619	EulerOS Virtualization 3.0.2.2 : ntp (EulerOS-SA-2020-1457)	Nessus	Huawei Local Security Checks	critical
128941	EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2019-1938)	Nessus	Huawei Local Security Checks	high
128912	EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1860)	Nessus	Huawei Local Security Checks	high
128801	EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-1878)	Nessus	Huawei Local Security Checks	high
128156	Photon OS 3.0: Ntp PHSA-2019-3.0-0024	Nessus	PhotonOS Local Security Checks	high
127006	EulerOS 2.0 SP8 : ntp (EulerOS-SA-2019-1769)	Nessus	Huawei Local Security Checks	high
125292	Amazon Linux AMI : ntp (ALAS-2019-1206)	Nessus	Amazon Linux Local Security Checks	high
124734	EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1356)	Nessus	Huawei Local Security Checks	high
124532	Fedora 30 : ntp (2019-b0c7f0d94a)	Nessus	Fedora Local Security Checks	high
123813	openSUSE Security Update : ntp (openSUSE-2019-1158)	Nessus	SuSE Local Security Checks	high
123773	openSUSE Security Update : ntp (openSUSE-2019-1143)	Nessus	SuSE Local Security Checks	high
123500	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2019:0789-1)	Nessus	SuSE Local Security Checks	high
123454	SUSE SLES11 Security Update : ntp (SUSE-SU-2019:13991-1)	Nessus	SuSE Local Security Checks	high
123451	SUSE SLED15 / SLES15 Security Update : ntp (SUSE-SU-2019:0777-1)	Nessus	SuSE Local Security Checks	high
123449	SUSE SLES12 Security Update : ntp (SUSE-SU-2019:0775-1)	Nessus	SuSE Local Security Checks	high
122937	GLSA-201903-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
122777	Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p13 / 4.3.x < 4.3.94 DoS	Nessus	Misc.	high
122740	Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2019-067-01)	Nessus	Slackware Local Security Checks	high
122685	FreeBSD : ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet (c2576e14-36e2-11e9-9eda-206a8a720317)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2019-8936

high

Tenable Plugins

high

high

high

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

high

high

high