Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-14415-1.NASLHistoryJun 10, 2021 - 12:00 a.m.
SUSE SLES11 Security Update : ntp (SUSE-SU-2020:14415-1)
2021-06-1000:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14415-1 advisory.
-
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attackerβs behalf and send them to the attacker.
(CVE-2018-8956) -
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868)
-
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victimβs ntpd instance. (CVE-2020-13817)
-
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. (CVE-2020-15025)
Note that Nessus has not tested for this issue but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2020:14415-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(150680);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/10");
script_cve_id(
"CVE-2018-8956",
"CVE-2020-11868",
"CVE-2020-13817",
"CVE-2020-15025"
);
script_xref(name:"SuSE", value:"SUSE-SU-2020:14415-1");
script_xref(name:"IAVA", value:"2020-A-0167-S");
script_xref(name:"IAVA", value:"2020-A-0289");
script_name(english:"SUSE SLES11 Security Update : ntp (SUSE-SU-2020:14415-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2020:14415-1 advisory.
- ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client
from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The
attacker must either be a part of the same broadcast network or control a slave in that broadcast network
that can capture certain required packets on the attacker's behalf and send them to the attacker.
(CVE-2018-8956)
- ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated
synchronization via a server mode packet with a spoofed source IP address, because transmissions are
rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868)
- ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service
(daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The
victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can
query time from the victim's ntpd instance. (CVE-2020-13817)
- ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of
service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC
key is used and associated with a CMAC algorithm in the ntp.keys file. (CVE-2020-15025)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1169740");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171355");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172651");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173334");
# https://lists.suse.com/pipermail/sle-security-updates/2020-July/007061.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84bd7b7c");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-8956");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-11868");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-13817");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15025");
script_set_attribute(attribute:"solution", value:
"Update the affected ntp and / or ntp-doc packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13817");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/17");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-doc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
pkgs = [
{'reference':'ntp-4.2.8p15-64.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'ntp-doc-4.2.8p15-64.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'ntp-4.2.8p15-64.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
{'reference':'ntp-doc-4.2.8p15-64.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
exists_check = NULL;
rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release && exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
else if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ntp / ntp-doc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | ntp | p-cpe:/a:novell:suse_linux:ntp |
| novell | suse_linux | ntp-doc | p-cpe:/a:novell:suse_linux:ntp-doc |
| novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11868
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15025
www.nessus.org/u?84bd7b7c
bugzilla.suse.com/1169740
bugzilla.suse.com/1171355
bugzilla.suse.com/1172651
bugzilla.suse.com/1173334
www.suse.com/security/cve/CVE-2018-8956
www.suse.com/security/cve/CVE-2020-11868
www.suse.com/security/cve/CVE-2020-13817
www.suse.com/security/cve/CVE-2020-15025
Related
ibm
ibm
suse
suse
Security update for ntp (moderate)
2020-07-19 00:00:00
Security update for ntp (moderate)
2020-07-06 00:00:00
nessus
nessus
openSUSE Security Update : ntp (openSUSE-2020-934)
2020-07-20 00:00:00
SUSE SLES12 Security Update : ntp (SUSE-SU-2020:1805-1)
2020-07-09 00:00:00
openSUSE Security Update : ntp (openSUSE-2020-1007)
2020-07-20 00:00:00
openvas
openvas
openSUSE: Security Advisory for ntp (openSUSE-SU-2020:0934-1)
2020-07-07 00:00:00
CentOS: Security Advisory for ntp (CESA-2020:2663)
2020-06-24 00:00:00
Fedora: Security Advisory for ntp (FEDORA-2020-a0b39d58db)
2020-07-02 00:00:00
gentoo
gentoo
NTP: Multiple vulnerabilities
2020-07-26 00:00:00
aix
aix
There are vulnerabilities in NTPv4 that affect AIX.
2020-10-26 15:14:11
fedora
fedora
[SECURITY] Fedora 32 Update: ntp-4.2.8p15-1.fc32
2020-07-02 01:13:48
oraclelinux
oraclelinux
ntp security update
2020-06-24 00:00:00
amazon
amazon
Medium: ntp
2020-07-14 02:38:00
centos
centos
ntp, ntpdate, sntp security update
2020-06-23 19:52:57
redhat
redhat
(RHSA-2020:2663) Moderate: ntp security update
2020-06-23 11:08:48
prion
prion
Design/Logic Flaw
2020-06-04 13:15:00
Design/Logic Flaw
2020-04-17 04:15:00
Code injection
2020-05-06 19:15:00
mageia
mageia
Updated ntp packages fix security vulnerability
2020-07-05 22:48:23
Updated ntp packages fix security vulnerability
2020-05-15 18:48:04
veracode
veracode
Denial Of Service (DoS)
2020-12-06 03:35:48
Denial Of Service (DoS)
2020-06-24 03:08:05
Denial Of Service (DoS)
2020-06-24 03:08:04
ubuntu
ubuntu
NTP vulnerability
2021-12-06 00:00:00
cve
cve
osv
osv
ntp vulnerability
2021-12-06 14:10:56
ntp - security update
2020-05-05 00:00:00
redhatcve
redhatcve
f5
f5
K55376430 : NTP vulnerabilities CVE-2020-13817
2020-09-09 00:00:00
K44305703 : NTP vulnerability CVE-2020-11868
2020-06-02 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
cloudlinux
cloudlinux
Fix of CVE: CVE-2020-11868
2021-10-05 14:08:54
Fix of CVE: CVE-2020-11868
2021-09-30 16:12:36
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0133
2020-08-29 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0374
2021-03-23 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0133
2020-08-29 00:00:00
debian
debian
[SECURITY] [DLA 2201-1] ntp security update
2020-05-05 10:03:33
ics
ics
βHitachi Energy AFF66x
2023-08-22 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1932
2021-07-02 17:35:16
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Related for SUSE_SU-2020-14415-1.NASL