Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0145 Multiple vulnerabilities in NTP affect Check Point Gaia OS 23 December 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Checkpoint Gaia Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Privileged Data -- Existing Account Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Existing Account Reduced Security -- Existing Account Resolution: Mitigation CVE Names: CVE-2014-9296 CVE-2014-9295 CVE-2014-9294 CVE-2014-9293 Member content until: Thursday, January 22 2015 OVERVIEW Check Point advises multiple vulnerabilities in NTP affect GAiA OS versions R75.40, R75.40VS, R75.40VS for 61000, R75.45, R75.46, R75.47, R76, R76SP for 61000, R76SP.10 for 61000, R77 and R77.10, when: 1. Gaia OS is configured only as a NTP Client 2. Gaia OS is configured as a NTP Server 3. Gaia OS is configured to use NTP Autokey Authentication.[1] IMPACT Checkpoint references the ICS-CERT advisory, ICSA-14-353-01, for details regarding the vulnerabilities: "CVE-2014-9293: If the authentication key is not set in the configuration file, ntpd will generate a weak random key with insufficient entropy. CVE-2014-9294: Prior to NTP-4.2.7p230 ntp-keygen used a weak seed to prepare a random number generator. The random numbers produced were then used to generate symmetric keys. CVE-2014-9295: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. CVE-2014-9296: In the NTP code, a section of code is missing a return, and the resulting error indicates processing did not stop. This indicated a specific rare error occurred, which does not appear to affect system integrity. All NTP Version 4 releases before Version 4.2.8 are vulnerable".[2] MITIGATION Checkpoint advises users with vulnerable configurations of NTP to apply appropriate mitigation procedures.[1] REFERENCES [1] Check Point response to NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295) https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103825&src=securityAlerts [2] Advisory (ICSA-14-353-01) Network Time Protocol Vulnerabilities https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVJj+uhLndAQH1ShLAQKvWQ/9HW47q//z2Qw5XGYM3UeChlBfeNHFDdd6 h0zRyl373GLkBtovvpXG7wXaJ26mLtpwct8P2My+UFuKhq4V3+JOiEQpFn7g8o+R grq1OcuFjJI+otWT2B4IBl/jxYMTEHd4tFo+OMm15R5DZWPtU1eBbm2jMvx0TsA7 diDh4tzfDGNlV9SyQAUb52NjYHwQhKI1dBsGQLb9pCEUjEsMm1lR+UtSwTOEeS0T TcW7qleIEJQovvWjL+/T8IB09f34H6HBb2FDNHwLl1oESIhJoQO5fX2A8tAuSass 9RBifSS33UBvTfNdWQk1JqPpyeAk+/jvsFGNoITo6ldmAhdBA+aleKMLit+px3Oh ZYUnYH2sEB4INhwXmJs5x9RFT2nUOGQjNzgXm+pQiUivxtx0nTVg91YL3w+uGoFF OojyoJIURjk3Ip1y9XmW7CbinDUjoeF1YcquC9AEsr+CetNhqFO7zRqOVn5Q0KnK ssVNABA9sRDdK+A9UosrIuQngklN7YxtiQpybIvqN3Y/2HOWRQQXbId7930XXggH MKFfBh5Wk4Ji92qNWRKG+3Jn7/9peFm/2XX5MSeHDVA3UOnZ2fYFdkfTRwDKN8Lb 8q87zncidS8xxzUMMbHc2M+c+Psk4MXXCBgxA/F3lgaYB1XrDNgDu7Dk8gJxAzgT SGCaPjpxqyc= =Pa+N -----END PGP SIGNATURE-----