SB2016112601 - Arch Linux update for ntp

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016112601

SB2016112601 - Arch Linux update for ntp

Published: November 26, 2016 Updated: May 3, 2017

Security Bulletin ID SB2016112601
Severity
Medium
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Resource management errors (CVE-ID: CVE-2016-7426)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to rate limits responses received from the configured sources when rate limiting for all associations is enabled. A remote attacker can send responses with a spoofed source address and cause the service to crash.

2) Resource exhaustion (CVE-ID: CVE-2016-7427)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.


3) Resource exhaustion (CVE-ID: CVE-2016-7428)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.


4) Data handling (CVE-ID: CVE-2016-7429)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to changing the peer structure to the interface NTP receives the response from a source. A remote attacker can send a response for a source to an interface the source does not use and cause the service to crash.

5) Input validation error (CVE-ID: CVE-2016-7431)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.


6) Incorrect calcualtion (CVE-ID: CVE-2016-7433)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper performance of the initial sync calculations. A remote attacker can cause the service to crash via unknown vectors, related to a "root distance that did not include the peer dispersion."

7) Input validation error (CVE-ID: CVE-2016-7434)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.


8) Improper access control (CVE-ID: CVE-2016-9310)

The vulnerability allows a remote attacker to obtain potentially sensitive information and cause DoS condition on the target system.

The weakness exists in the control mode (mode 6) functionality in ntpd due to improper access control. A remote attacker can set or unset traps via a specially crafted control mode packet, gain access to potentially sensitive information and cause the service to crash.

9) NULL pointer dereference (CVE-ID: CVE-2016-9311)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in ntpd due to NULL pointer dereference when the trap service is enabled. A remote attacker can submit a specially crafted packet and cause the service to crash.

Remediation

Install update from vendor's website.

References