AUSCERT Security Bulletin
Multiple vulnerabilities in NTP affect Check Point Gaia OS
23 December 2014
AusCERT Security Bulletin Summary
Product:           Check Point Gaia
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Existing Account
                   Reduced Security                -- Existing Account
CVE Names:         CVE-2014-9296 CVE-2014-9295 CVE-2014-9294
Member content until: Thursday, January 22 2015
Check Point advises multiple vulnerabilities in NTP affect GAiA OS
versions R75.40, R75.40VS, R75.40VS for 61000, R75.45, R75.46, R75.47,
R76, R76SP for 61000, R76SP.10 for 61000, R77 and R77.10, when:
1. Gaia OS is configured only as an NTP Client
2. Gaia OS is configured as an NTP Server
3. Gaia OS is configured to use NTP Autokey Authentication.
Check Point references the ICS-CERT advisory, ICSA-14-353-01,
for details regarding the vulnerabilities:
"CVE-2014-9293: If the authentication key is not set in the
configuration file, ntpd will generate a weak random key with

CVE-2014-9294: Prior to NTP-4.2.7p230 ntp-keygen used a weak seed
to prepare a random number generator. The random numbers produced
were then used to generate symmetric keys.

CVE-2014-9295: A remote attacker can send a carefully crafted
packet that can overflow a stack buffer and potentially allow
malicious code to be executed with the privilege level of the ntpd

CVE-2014-9296: In the NTP code, a section of code is missing a
return, and the resulting error indicates processing did not stop.
This indicated a specific rare error occurred, which does not appear
to affect system integrity. All NTP Version 4 releases before
Version 4.2.8 are vulnerable".
Check Point advises users with vulnerable configurations of NTP to
apply appropriate mitigation procedures.
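The two version cutoffs quoted above (4.2.7p230 for the ntp-keygen seed
issue, 4.2.8 overall) can be checked against a version banner as follows.
This is an added example, not part of the AusCERT, ICS-CERT or Check Point
text; the function names are illustrative and the sample banners are
constructed.

```python
import re

# Cutoffs taken from the ICS-CERT text quoted in this bulletin.
KEYGEN_SEED_FIX = (4, 2, 7, 230)  # CVE-2014-9294: "Prior to NTP-4.2.7p230"
GENERAL_FIX = (4, 2, 8, 0)        # "All NTP Version 4 releases before Version 4.2.8"

# NTP versions look like 4.2.6p5: three dotted fields, optional "p<patch>".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

def parse_ntp_version(banner):
    """Return (major, minor, point, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return tuple(int(g or 0) for g in m.groups())

def assess(banner):
    """Compare a banner against the two cutoffs; names here are illustrative."""
    version = parse_ntp_version(banner)
    if version is None:
        return {"version": None, "status": "unparsed", "findings": []}
    if version[0] != 4:
        return {"version": version, "status": "not-ntp4", "findings": []}
    findings = []
    if version < KEYGEN_SEED_FIX:
        findings.append("CVE-2014-9294: ntp-keygen older than 4.2.7p230")
    if version < GENERAL_FIX:
        findings.append("older than 4.2.8, the general cutoff in the advisory")
    status = "review" if findings else "at-or-after-cutoffs"
    return {"version": version, "status": status, "findings": findings}

# Constructed sample banners (not taken from any real host).
SAMPLES = [
    "ntpd 4.2.6p5@1.2349-o Tue May 10 13:48:22 UTC 2011 (1)",
    "ntp-keygen 4.2.7p229",
    "ntpd 4.2.7p230",
    "ntpd 4.2.8p1@1.3265-o",
    "version string unavailable",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        result = assess(banner)
        print(banner, "->", result["status"], result["findings"])
```

A reported version is a triage hint only: on an appliance a vendor hotfix
may change the fix state without changing the version string.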
 Check Point response to NTP vulnerabilities (CVE-2014-9293,
 Advisory (ICSA-14-353-01) Network Time Protocol Vulnerabilities
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.