AmazonALAS-2015-593Low: ntp
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.352 Low
EPSS
Percentile
97.1%
Issue Overview:
As discussed upstream (http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi), a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. (CVE-2015-5146)
It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-7703)
It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)
It was found that ntpd exits with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) is referenced by the statistics or filegen configuration command. (CVE-2015-5195)
It was discovered that sntp would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double. (CVE-2015-5219)
A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)
Affected Packages:
ntp
Issue Correction:
Run yum update ntp to update your system.
New Packages:
i686:
ntpdate-4.2.6p5-33.26.amzn1.i686
ntp-debuginfo-4.2.6p5-33.26.amzn1.i686
ntp-4.2.6p5-33.26.amzn1.i686
noarch:
ntp-doc-4.2.6p5-33.26.amzn1.noarch
ntp-perl-4.2.6p5-33.26.amzn1.noarch
src:
ntp-4.2.6p5-33.26.amzn1.src
x86_64:
ntp-4.2.6p5-33.26.amzn1.x86_64
ntpdate-4.2.6p5-33.26.amzn1.x86_64
ntp-debuginfo-4.2.6p5-33.26.amzn1.x86_64
Additional References
Red Hat: CVE-2015-3405, CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7703
Mitre: CVE-2015-3405, CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7703
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | ntpdate | < 4.2.6p5-33.26.amzn1 | ntpdate-4.2.6p5-33.26.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ntp-debuginfo | < 4.2.6p5-33.26.amzn1 | ntp-debuginfo-4.2.6p5-33.26.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ntp | < 4.2.6p5-33.26.amzn1 | ntp-4.2.6p5-33.26.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | ntp-doc | < 4.2.6p5-33.26.amzn1 | ntp-doc-4.2.6p5-33.26.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | ntp-perl | < 4.2.6p5-33.26.amzn1 | ntp-perl-4.2.6p5-33.26.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | ntp | < 4.2.6p5-33.26.amzn1 | ntp-4.2.6p5-33.26.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | ntpdate | < 4.2.6p5-33.26.amzn1 | ntpdate-4.2.6p5-33.26.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | ntp-debuginfo | < 4.2.6p5-33.26.amzn1 | ntp-debuginfo-4.2.6p5-33.26.amzn1.x86_64.rpm |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.352 Low
EPSS
Percentile
97.1%