Arch Linux update for ntp



Published: 2016-11-26 | Updated: 2017-05-03
Risk Medium
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2016-7426
CVE-2016-7427
CVE-2016-7428
CVE-2016-7429
CVE-2016-7431
CVE-2016-7433
CVE-2016-7434
CVE-2016-9310
CVE-2016-9311
CWE-ID CWE-399
CWE-400
CWE-19
CWE-20
CWE-682
CWE-284
CWE-476
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Vulnerable software
Subscribe
Arch Linux
Operating systems & Components / Operating system

Vendor Arch Linux

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Resource management errors

EUVDB-ID: #VU12303

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7426

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to rate limits responses received from the configured sources when rate limiting for all associations is enabled. A remote attacker can send responses with a spoofed source address and cause the service to crash.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU39822

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7427

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU39823

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7428

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Data handling

EUVDB-ID: #VU12302

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7429

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to changing the peer structure to the interface NTP receives the response from a source. A remote attacker can send a response for a source to an interface the source does not use and cause the service to crash.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU39824

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7431

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect calcualtion

EUVDB-ID: #VU12304

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7433

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper performance of the initial sync calculations. A remote attacker can cause the service to crash via unknown vectors, related to a "root distance that did not include the peer dispersion."

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU39825

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-7434

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Improper access control

EUVDB-ID: #VU12305

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9310

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and cause DoS condition on the target system.

The weakness exists in the control mode (mode 6) functionality in ntpd due to improper access control. A remote attacker can set or unset traps via a specially crafted control mode packet, gain access to potentially sensitive information and cause the service to crash.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU12306

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9311

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in ntpd due to NULL pointer dereference when the trap service is enabled. A remote attacker can submit a specially crafted packet and cause the service to crash.

Mitigation

Update the affected package ntp to version 4.2.8.p9-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201611-28


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###