Lucene search
+L

Amazon Linux: Security Advisory (ALAS-2015-520)

🗓️ 08 Sep 2015 00:00:00Reported by Copyright (C) 2015 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 27 Views

The remote host is missing an update for the 'ntp' package(s) announced via the ALAS-2015-520 advisory. The update addresses issues related to the symmetric-key feature, state-variable updates, and leap-second handling in ntpd

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index
31 Jan 202100:10
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)
16 Jun 201821:30
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Access Manager for Mobile is affected by multiple NTP vulnerabilities
16 Jun 201821:39
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
17 Jun 201822:33
ibm
IBM Security Bulletins
Security Bulletin: A security vulnerability with ntpd affects IBM Flex System Manager (CVE-2015-1799)
18 Jun 201801:29
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect PowerKVM
18 Jun 201801:30
ibm
IBM Security Bulletins
Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available
16 Jun 201821:38
ibm
IBM Security Bulletins
Security Bulletin: IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in Network Time Protocol
18 Oct 201903:50
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-1798 CVE-2015-1799 CVE-2015-3405)
23 Sep 202101:31
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in GNU C Library (glibc), OpenSSL and NTP affect IBM Flex System Chassis Management Module (CMM)
31 Jan 201902:10
ibm
Rows per page
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.120060");
  script_cve_id("CVE-2015-1798", "CVE-2015-1799");
  script_tag(name:"creation_date", value:"2015-09-08 11:16:30 +0000 (Tue, 08 Sep 2015)");
  script_version("2025-01-23T05:37:38+0000");
  script_tag(name:"last_modification", value:"2025-01-23 05:37:38 +0000 (Thu, 23 Jan 2025)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:M/Au:N/C:N/I:P/A:P");

  script_name("Amazon Linux: Security Advisory (ALAS-2015-520)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Amazon Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/amazon_linux", "ssh/login/release");

  script_xref(name:"Advisory-ID", value:"ALAS-2015-520");
  script_xref(name:"URL", value:"https://alas.aws.amazon.com/ALAS-2015-520.html");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1196635");
  script_xref(name:"URL", value:"https://forums.aws.amazon.com/ann.jspa?annID=3064");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'ntp' package(s) announced via the ALAS-2015-520 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. (CVE-2015-1798)

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. (CVE-2015-1799)

This update also addresses leap-second handling. With older ntp versions, the -x option was sometimes used as a workaround to avoid kernel inserting/deleting leap seconds by stepping the clock and possibly upsetting running applications. That no longer works with 4.2.6 as ntpd steps the clock itself when a leap second occurs. The fix is to treat the one second offset gained during leap second as a normal offset and check the stepping threshold (set by -x or tinker step) to decide if a step should be applied. See this forum post for more information on the Amazon Linux AMI's leap-second handling.");

  script_tag(name:"affected", value:"'ntp' package(s) on Amazon Linux.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "AMAZON") {

  if(!isnull(res = isrpmvuln(pkg:"ntp", rpm:"ntp~4.2.6p5~30.24.amzn1", rls:"AMAZON"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ntp-debuginfo", rpm:"ntp-debuginfo~4.2.6p5~30.24.amzn1", rls:"AMAZON"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ntp-doc", rpm:"ntp-doc~4.2.6p5~30.24.amzn1", rls:"AMAZON"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ntp-perl", rpm:"ntp-perl~4.2.6p5~30.24.amzn1", rls:"AMAZON"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ntpdate", rpm:"ntpdate~4.2.6p5~30.24.amzn1", rls:"AMAZON"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation