FreeBSD : ntp -- Multiple vulnerabilities (591a706b-5cdc-11ea-9a0a-206a8a720317)

high Nessus Plugin ID 134256

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

nwtime.org reports :

Three ntp vulnerabilities, Depending on configuration, may have little impact up to termination of the ntpd process.

NTP Bug 3610: Process_control() should exit earlier on short packets.
On systems that override the default and enable ntpdc (mode 7) fuzz testing detected that a short packet will cause ntpd to read uninitialized data.

NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable to attack on IPv4 with highly predictable transmit timestamps. An off-path attacker who can query time from the victim's ntp which receives time from an unauthenticated time source must be able to send from a spoofed IPv4 address of upstream ntp server and and the victim must be able to process a large number of packets with the spoofed IPv4 address of the upstream server. After eight or more successful attacks in a row the attacker can either modify the victim's clock by a small amount or cause ntpd to terminate. The attack is especially effective when unusually short poll intervals have been configured.

NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug such that a ntp can be prevented from initiating a time volley to its peer resulting in a DoS.

All three NTP bugs may result in DoS or terimation of the ntp daemon.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?300313a1

Plugin Details

Severity: High

ID: 134256

File Name: freebsd_pkg_591a706b5cdc11ea9a0a206a8a720317.nasl

Version: 1.2

Type: local

Published: 3/6/2020

Updated: 3/20/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ntp, p-cpe:/a:freebsd:freebsd:ntp-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/3/2020

Vulnerability Publication Date: 5/30/2019

Reference Information

FreeBSD: SA-20:09.ntp