Vulmon
Amazon Linux AMI Security Advisory: ALAS-2015-593
Advisory Release Date: 2015-09-02 12:00 Pacific
Advisory Updated Date: 2016-02-09 13:30 Pacific
As <a href="http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi">discussed upstream</a>, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. (CVE-2015-5146)
It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-7703)
It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)
It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command. (CVE-2015-5195)
It was discovered that sntp would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. (CVE-2015-5219)
A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)
Affected Packages:
ntp
Issue Correction:
Run yum update ntp to update your system.
i686:
ntpdate-4.2.6p5-33.26.amzn1.i686
ntp-debuginfo-4.2.6p5-33.26.amzn1.i686
ntp-4.2.6p5-33.26.amzn1.i686
noarch:
ntp-doc-4.2.6p5-33.26.amzn1.noarch
ntp-perl-4.2.6p5-33.26.amzn1.noarch
src:
ntp-4.2.6p5-33.26.amzn1.src
x86_64:
ntp-4.2.6p5-33.26.amzn1.x86_64
ntpdate-4.2.6p5-33.26.amzn1.x86_64
ntp-debuginfo-4.2.6p5-33.26.amzn1.x86_64