USN-3096-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-3096-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-3096-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3096-1
Related
Published
2016-10-05T18:01:12.198152Z
Modified
2016-10-05T18:01:12.198152Z
Summary
ntp vulnerabilities
Details

Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)

Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)

Stephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978)

Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979)

Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)

Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)

It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)

Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547)

Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)

Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550)

Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516)

Yihan Lian discovered that NTP incorrectly handled certail peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518)

Jakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954)

Miroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955)

Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956)

In the default installation, attackers would be isolated by the NTP AppArmor profile.

References

Affected packages

Ubuntu:14.04:LTS / ntp

Package

Name
ntp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ntpdate": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "ntp-doc": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "ntp": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10"
        }
    ]
}

Ubuntu:16.04:LTS / ntp

Package

Name
ntp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.2.8p4+dfsg-3ubuntu5.3

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ntpdate": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "ntp-doc": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "ntp": "1:4.2.8p4+dfsg-3ubuntu5.3"
        }
    ]
}