Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2018-1009

Related Vulnerabilities: CVE-2016-7426   CVE-2016-7429   CVE-2016-7433   CVE-2016-9310   CVE-2016-9311   CVE-2017-6462   CVE-2017-6463   CVE-2017-6464  

Ephemeral association time spoofing additional protectionntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.(CVE-2018-7170) Interleaved symmetric mode cannot recover from bad statentpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.(CVE-2018-7184) Ephemeral association time spoofingA malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.(CVE-2016-1549) Buffer read overrun leads information leak in ctl_getitem()The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. (CVE-2018-7182) Unauthenticated packet can reset authenticated interleaved associationThe protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.(CVE-2018-7185) decodearr() can write beyond its buffer limitBuffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.(CVE-2018-7183)

Source

ALAS2-2018-1009

Amazon Linux 2 Security Advisory: ALAS-2018-1009
Advisory Release Date: 2018-05-10 17:11 Pacific
Advisory Updated Date: 2018-05-10 23:49 Pacific
Severity: Medium
Issue Overview:

Ephemeral association time spoofing additional protection
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.(CVE-2018-7170)

Interleaved symmetric mode cannot recover from bad state
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.(CVE-2018-7184)

Ephemeral association time spoofing
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.(CVE-2016-1549)

Buffer read overrun leads information leak in ctl_getitem()
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. (CVE-2018-7182)

Unauthenticated packet can reset authenticated interleaved association
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.(CVE-2018-7185)

decodearr() can write beyond its buffer limit
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.(CVE-2018-7183)


Affected Packages:

ntp


Issue Correction:
Run yum update ntp to update your system.

New Packages:
noarch:
    ntp-perl-4.2.6p5-28.amzn2.2.1.noarch
    ntp-doc-4.2.6p5-28.amzn2.2.1.noarch

src:
    ntp-4.2.6p5-28.amzn2.2.1.src

x86_64:
    ntp-4.2.6p5-28.amzn2.2.1.x86_64
    ntpdate-4.2.6p5-28.amzn2.2.1.x86_64
    sntp-4.2.6p5-28.amzn2.2.1.x86_64
    ntp-debuginfo-4.2.6p5-28.amzn2.2.1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started