Synopsis
The remote NTP server is affected by multiple vulnerabilities.
Description
The version of the remote NTP server is 4.x prior to 4.2.8p8 or 4.3.x prior to 4.3.93. It is, therefore, affected by the following vulnerabilities:
- A denial of service vulnerability exists when handling authentication due to improper packet timestamp checks. An unauthenticated, remote attacker can exploit this, via a specially crafted and spoofed packet, to demobilize the ephemeral associations. (CVE-2016-4953)
- A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to affect peer variables (e.g., cause leap indications to be set). Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4954)
- A flaw exists that is triggered when handling spoofed packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to reset autokey associations. Note that the attacker must be able to spoof packets with correct origin timestamps from servers before expected response packets arrive. (CVE-2016-4955)
- A flaw exists when handling broadcast associations that allows an unauthenticated, remote attacker to cause a broadcast client to change into interleave mode. (CVE-2016-4956)
- A denial of service vulnerability exists when handling CRYPTO_NAK packets that allows an unauthenticated, remote attacker to cause a crash. Note that this issue only affects versions 4.2.8p7 and 4.3.92. (CVE-2016-4957)
Solution
Upgrade to NTP version 4.2.8p8 / 4.3.93 or later.
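The version ranges above can be checked against an inventory of ntpd version strings. The following is an added example, not the plugin's own logic; the function names and the sample banners are constructed for illustration.

```python
import re

# CVEs the description lists for every affected version.
COMMON_CVES = ["CVE-2016-4953", "CVE-2016-4954", "CVE-2016-4955", "CVE-2016-4956"]
# The description states the CRYPTO_NAK crash affects only 4.2.8p7 and 4.3.92.
CRYPTO_NAK_CVE = "CVE-2016-4957"

# Matches "4.2.8p7" or "4.3.92"; the lookbehind avoids starting mid-number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(banner):
    """Return (major, minor, point, patch) from a version string or banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no NTP version found in {banner!r}")
    major, minor, point, patch = m.groups()
    return int(major), int(minor), int(point), int(patch or 0)


def applicable_cves(banner):
    """Return the CVEs from this advisory that apply to the given version."""
    major, minor, point, patch = parse_ntp_version(banner)
    if major != 4:
        return []  # the advisory only covers 4.x
    if minor == 3:
        # Development branch: fixed in 4.3.93.
        affected = point < 93
        nak = point == 92
    else:
        # Stable branch: fixed in 4.2.8p8; tuple comparison orders p-levels.
        affected = (minor, point, patch) < (2, 8, 8)
        nak = (minor, point, patch) == (2, 8, 7)
    if not affected:
        return []
    return COMMON_CVES + ([CRYPTO_NAK_CVE] if nak else [])


if __name__ == "__main__":
    # Constructed sample banners, not taken from a real scan.
    for banner in ("ntpd 4.2.6p5@1.2349-o", "4.2.8p7", "4.2.8p8", "4.3.92", "4.3.93"):
        cves = applicable_cves(banner)
        print(f"{banner:<24} {'AFFECTED: ' + ', '.join(cves) if cves else 'not affected'}")
```

A version string does not reflect fixes backported by a distribution, so a match is a candidate to confirm against the package changelog.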
Plugin Details
File Name: ntp_4_2_8p8.nasl
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ntp:ntp
Required KB Items: NTP/Running, Settings/ParanoidReport
Exploit Ease: No known exploits are available
Patch Publication Date: 6/2/2016
Vulnerability Publication Date: 6/2/2016