Multiple Vulnerabilities in ntpd Affecting Cisco Products

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition.

On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows:

CVE-2014-9293: Weak Default Key in config_auth()
CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Symmetric Keys
CVE-2014-9295: Multiple Buffer Overflow Vulnerabilities in ntpd
CVE-2014-9296: ntpd receive(): Missing Return on Error
On February 4, 2015, NTP.org and US-CERT released two additional vulnerabilities regarding improper validation of vallen in ntp_crypto.c and an IPv6 ::1 ACL bypass vulnerability. These vulnerabilities were added to their original advisory. For completeness, these vulnerabilities are referenced in this document as follows:

CVE-2014-9297: NTP ntp_crypto.c Improper Validation Vulnerability
CVE-2014-9298: NTP IPv6 ACL Bypass Vulnerability
This advisory will be updated as additional information becomes available.

Cisco will release software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd”]