Multiple vulnerabilities in ntpd



Published: 2020-03-19 | Updated: 2020-07-07
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2020-13817
CVE-2018-8956
CWE-ID CWE-125
CWE-399
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
ntp
Server applications / Other server solutions

Vendor ntp.org

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

Updated: 07.07.2020

Added vulnerability #4, assigned CVE-ID to vulnerability #2.

1) Out-of-bounds read

EUVDB-ID: #VU26240

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ntp daemon with enabled ntpdc (mode 7). A remote attacker can send short packets to the affected ntp daemon and perform a denial of service attack against the ntp server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ntp: 4.0.72 - 4.3.94


CPE2.3 External links

http://support.ntp.org/bin/view/Main/NtpBug3610

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU26241

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13817

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ntpd uses highly predictable timestamps that can allow spoofing attack over IPv4 or a denial of service attack. A remote non-authenticated attacker can modify clock on the client NTP server to terminate it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ntp: 4.0.72 - 4.3.94


CPE2.3 External links

http://support.ntp.org/bin/view/Main/NtpBug3596

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU26242

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unspecified error in ntp client. A remote attacker can perform a denial of service attack against an unauthenticated client.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ntp: 4.2.8p12 - 4.2.8p13


CPE2.3 External links

http://support.ntp.org/bin/view/Main/NtpBug3592
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU29542

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8956

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing NTP packets. A remote attacker that controls a slave server or is part of the same broadcast can prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

ntp: 4.2.8p10 - 4.2.8p13


CPE2.3 External links

http://www.ntp.org/
http://arxiv.org/abs/2005.01783
http://nikhiltripathi.in/NTP_attack.pdf
http://security.netapp.com/advisory/ntap-20200518-0006/
http://tools.ietf.org/html/rfc5905

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###