Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.1810
ntp security update
26 July 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ntp
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-2518 CVE-2016-2516 CVE-2016-1550
CVE-2016-1548 CVE-2016-1547 CVE-2015-8158
CVE-2015-8138 CVE-2015-7979 CVE-2015-7978
CVE-2015-7977 CVE-2015-7974
Reference: ASB-2016.0074
ASB-2016.0046
Original Bulletin:
http://www.debian.org/security/2016/dsa-3629
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3629-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2016 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : ntp
CVE ID : CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979
CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548
CVE-2016-1550 CVE-2016-2516 CVE-2016-2518
Several vulnerabilities were discovered in the Network Time Protocol
daemon and utility programs:
CVE-2015-7974
Matt Street discovered that insufficient key validation allows
impersonation attacks between authenticated peers.
CVE-2015-7977 / CVE-2015-7978
Stephen Gray discovered that a NULL pointer dereference and a
buffer overflow in the handling of "ntpdc reslist" commands may
result in denial of service.
CVE-2015-7979
Aanchal Malhotra discovered that if NTP is configured for broadcast
mode, an attacker can send malformed authentication packets which
break associations with the server for other broadcast clients.
CVE-2015-8138
Matthew van Gundy and Jonathan Gardner discovered that missing
validation of origin timestamps in ntpd clients may result in denial
of service.
CVE-2015-8158
Jonathan Gardner discovered that missing input sanitising in ntpq
may result in denial of service.
CVE-2016-1547
Stephen Gray and Matthew van Gundy discovered that incorrect handling
of crypto NAK packets my result in denial of service.
CVE-2016-1548
Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients
could be forced to change from basic client/server mode to interleaved
symmetric mode, preventing time synchronisation.
CVE-2016-1550
Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered
that timing leaks in the the packet authentication code could result
in recovery of a message digest.
CVE-2016-2516
Yihan Lian discovered that duplicate IPs on "unconfig" directives will
trigger an assert.
CVE-2016-2518
Yihan Lian discovered that an OOB memory access could potentially
crash ntpd.
For the stable distribution (jessie), these problems have been fixed in
version 1:4.2.6.p5+dfsg-7+deb8u2.
For the testing distribution (stretch), these problems have been fixed
in version 1:4.2.8p7+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in
version 1:4.2.8p7+dfsg-1.
We recommend that you upgrade your ntp packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJXloDyAAoJEBDCk7bDfE42sEIQAITxUHR3soJpA10Z0ermNvj9
lIk50hAgupkjg7Jfvy6GoIl3vSwaW3zteLm7PGXAQVMkN4Uu7yuC/3UKia1W4T4M
Y4JqCceSpGI8Frse/hNe65q/wo7a5nNmd3zzeX477PcxvSttyQ0W5PbNofDXOWWV
C9C2NmQoWKXQoaJ7VeSUtqFPCijduxzME/NIwkZTgnfHqXHLDxkOFcogfbr/xxh3
QCnocTQBMUniVGVjIkmZJvAXYxCONfWGy4Mi8XP6PmmDiYnda6cKpYR9cQq8Rrn2
jyhH/S16k7qAboNT25rJQhD7evL+G+/lQKzwTMMif1F6UZEdCdiEcMaGxBt/be2t
WR+xiGg/xS/sSO4idz4+VzAhBTrKgkAiySHnuCIW43mSP4EQ19crEwodReEGo5ya
UyRJzX1ocYyoanhn4GI/zLutIOJHSuo/RODTVNjTtFpR40i0RfLzI0BkbAw0MOrj
gy29tneLfgzPjYMUKIpE7QKgtkEDs2PJG3tIptdR43xwRz1eQoRzNt4Iuv3174/M
T0JU5/zWYcvCPLkby3YAqOZkqi+W6VoFKyTFKD6WTKujknOTkjcRGr8bqSBuV+EV
/cPY7ksVajzOIP0Vh6zV2OjWqIEb1agE76VaYcKCgDpRAqvRMA5YRYt9zFV0VSLi
E8XbyUv2ljEkPXFAhg6n
=vLJU
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBV5a6HIx+lLeg9Ub1AQiAxg//djVE0zPvxuHEkp47Do0Gs4sYvRQ5+IZw
bP1PUA4qMCkF/t6B+BxRGC2zinz/HNlMbsptWjGsGt4Fw4Tw2OXxEDBivHGg/GGE
9mA2LYkgHAwaWUY3EMIUqgeB+x+QGDTQGTBrwaFgeCvK08otqcTZQrBduYv4lSig
9lR3K8UKuya71uTYLiqX959F7OORm+ib0RZJhFmxbC3S98EZjAmOma1d/umn17Rr
of0ZtwJBZHu8QPmT7RZDlCbad0T993NjbtppikEp8YgQmaax9TotKP/Cc9YsdlCk
cU/BlOaaL9lKS+L9k6UznDKyv6hFy4st3k5V39+I5fxSxOyy3c00FcjZW3CRIXEv
Ovl5XIU6N4vGtnn7/URMR6PpJLLLD11bDaBD1EadFsuo79D7eqBQhz9HDMmX5t3u
NgBmHErLdEGbthgnOTFeBoIJrnSSuwF9HtPdK9xoZJKGpYEs01ffMjbLbde5qett
JbEkTyyIv4meE/xMzrNKDVqMNpHit9lnRNN4QSF7GyZR1n/FQyOzD8pCeiy55Rym
KYapU4s6jjJVhGgapLtq0PmkMq++aS4iX/eBmzsonHEwRpA0CNvhnH1/+HS0EpPR
jxu/rah5pDwSaEWO9DICzGTgVutB1zEHxtNmK67CDln0R4Gda3HMahZDA9TLCfqb
JucgKo6oB/g=
=/e0P
-----END PGP SIGNATURE-----