nessus
NASL family | Mandriva Local Security Checks | NASL id | MANDRIVA_MDVSA-2015-140.NASL | description | Updated ntp packages fix security vulnerabilities :
If no authentication key is defined in the ntp.conf file, a
cryptographically-weak default key is generated (CVE-2014-9293).
ntp-keygen before 4.2.7p230 uses a non-cryptographic random number
generator with a weak seed to generate symmetric keys (CVE-2014-9294).
A remote unauthenticated attacker may craft special packets that
trigger buffer overflows in the ntpd functions crypto_recv() (when
using autokey authentication), ctl_putdata(), and configure(). The
resulting buffer overflows may be exploited to allow arbitrary
malicious code to be executed with the privilege of the ntpd process
(CVE-2014-9295).
A section of code in ntpd handling a rare error is missing a return
statement, therefore processing did not stop when the error was
encountered. This situation may be exploitable by an attacker
(CVE-2014-9296).
Stephen Roettger of the Google Security Team, Sebastian Krahmer of the
SUSE Security Team and Harlan Stenn of Network Time Foundation
discovered that the length value in extension fields is not properly
validated in several code paths in ntp_crypto.c, which could lead to
information leakage or denial of service (CVE-2014-9297).
Stephen Roettger of the Google Security Team reported that ACLs based
on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).
The ntp package has been patched to fix these issues. | last seen | 2019-01-16 | modified | 2018-07-19 | plugin id | 82393 | published | 2015-03-30 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=82393 | title | Mandriva Linux Security Advisory : ntp (MDVSA-2015:140) |
NASL family | Misc. | NASL id | NTP_4_2_8.NASL | description | The version of the remote NTP server is 4.x prior to 4.2.8p1. It is,
therefore, affected by the following vulnerabilities :
- A security weakness exists due to the config_auth()
function improperly generating default keys when no
authentication key is defined in the ntp.conf file.
Key size is limited to 31 bits and the insecure
ntp_random() function is used, resulting in
cryptographically-weak keys with insufficient entropy. A
remote attacker can exploit this to defeat cryptographic
protection mechanisms via a brute-force attack.
(CVE-2014-9293)
- A security weakness exists due to the use of a weak seed to
prepare a random number generator used to generate
symmetric keys. This allows a remote attacker to defeat
cryptographic protection mechanisms via a brute-force
attack. (CVE-2014-9294)
- Multiple stack-based buffer overflow conditions exist
due to improper validation of user-supplied input when
handling packets in the crypto_recv(), ctl_putdata(),
and configure() functions when using autokey
authentication. A remote attacker can exploit this, via
a specially crafted packet, to cause a denial of service
condition or the execution of arbitrary code.
(CVE-2014-9295)
- An unspecified vulnerability exists due to missing return
statements in the receive() function, resulting in
continued processing even when an authentication error
is encountered. This allows a remote attacker, via
specially crafted packets, to trigger unintended
association changes. (CVE-2014-9296)
- An information disclosure vulnerability exists due to
improper validation of the 'vallen' value in extension
fields in ntp_crypto.c. A remote attacker can exploit
this to disclose sensitive information. (CVE-2014-9750)
- A security bypass vulnerability exists due to a failure
to restrict ::1 source addresses on IPv6 interfaces. A
remote attacker can exploit this to bypass configured
ACLs based on ::1. (CVE-2014-9751)
Note that CVE-2014-9750 and CVE-2014-9751 supersede the discontinued
identifiers CVE-2014-9297 and CVE-2014-9298, which were originally
cited in the vendor advisory. | last seen | 2019-01-16 | modified | 2018-07-16 | plugin id | 81981 | published | 2015-03-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=81981 | title | Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p1 Multiple Vulnerabilities |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2014-792.NASL | description | The network timeservice ntp was updated to fix critical security
issues (bnc#910764, CERT VU#852879)
- A potential remote code execution problem was found
inside ntpd. The functions crypto_recv() (when using
autokey authentication), ctl_putdata(), and configure()
were updated to avoid buffer overflows that could be
exploited. (CVE-2014-9295)
- Furthermore a problem inside the ntpd error handling was
found that is missing a return statement. This could
also lead to a potential attack vector.
(CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 80151 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80151 | title | openSUSE Security Update : ntp (openSUSE-SU-2014:1670-1) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2015-0104.NASL | description | Updated ntp packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.5 Extended Update Support.
Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's
time with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's
crypto_recv(), ctl_putdata(), and configure() functions. A remote
attacker could use either of these flaws to send a specially crafted
request packet that could crash ntpd or, potentially, execute
arbitrary code with the privileges of the ntp user. Note: the
crypto_recv() flaw requires non-default configurations to be active,
while the ctl_putdata() flaw, by default, can only be exploited via
local attackers, and the configure() flaw requires additional
authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its
internal use if no ntpdc request authentication key was specified in
the ntp.conf configuration file. A remote attacker able to match the
configured IP restrictions could guess the generated key, and possibly
use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5
keys. This could possibly allow an attacker to guess generated MD5
keys that could then be used to spoof an NTP client or server. Note:
it is recommended to regenerate any MD5 keys that had explicitly been
generated with ntp-keygen; the default installation does not contain
such keys. (CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing
the update, the ntpd daemon will restart automatically. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 81071 | published | 2015-01-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=81071 | title | RHEL 6 : ntp (RHSA-2015:0104) |
NASL family | Slackware Local Security Checks | NASL id | SLACKWARE_SSA_2014-356-01.NASL | description | New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix security issues. | last seen | 2019-01-16 | modified | 2015-11-01 | plugin id | 80204 | published | 2014-12-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80204 | title | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2014-356-01) |
NASL family | Mandriva Local Security Checks | NASL id | MANDRIVA_MDVSA-2015-003.NASL | description | Updated ntp packages fix security vulnerabilities :
If no authentication key is defined in the ntp.conf file, a
cryptographically-weak default key is generated (CVE-2014-9293).
ntp-keygen before 4.2.7p230 uses a non-cryptographic random number
generator with a weak seed to generate symmetric keys (CVE-2014-9294).
A remote unauthenticated attacker may craft special packets that
trigger buffer overflows in the ntpd functions crypto_recv() (when
using autokey authentication), ctl_putdata(), and configure(). The
resulting buffer overflows may be exploited to allow arbitrary
malicious code to be executed with the privilege of the ntpd process
(CVE-2014-9295).
A section of code in ntpd handling a rare error is missing a return
statement, therefore processing did not stop when the error was
encountered. This situation may be exploitable by an attacker
(CVE-2014-9296).
The ntp package has been patched to fix these issues. | last seen | 2019-01-16 | modified | 2018-07-19 | plugin id | 80384 | published | 2015-01-06 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80384 | title | Mandriva Linux Security Advisory : ntp (MDVSA-2015:003) |
NASL family | FreeBSD Local Security Checks | NASL id | FREEBSD_PKG_4033D82687DD11E490793C970E169BC2.NASL | description | CERT reports :
The Network Time Protocol (NTP) provides networked systems with a way
to synchronize time for various services and applications. ntpd
version 4.2.7 and previous versions allow attackers to overflow
several buffers in a way that may allow malicious code to be executed.
ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic
random number generator when generating symmetric keys.
The buffer overflow vulnerabilities in ntpd may allow a remote
unauthenticated attacker to execute arbitrary malicious code with the
privilege level of the ntpd process. The weak default key and
non-cryptographic random number generator in ntp-keygen may allow an
attacker to gain information regarding the integrity checking and
authentication encryption schemes. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 80149 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80149 | title | FreeBSD : ntp -- multiple vulnerabilities (4033d826-87dd-11e4-9079-3c970e169bc2) |
NASL family | Solaris Local Security Checks | NASL id | SOLARIS11_NTP_20150120.NASL | description | The remote Solaris system is missing necessary patches to address
security updates :
- Multiple stack-based buffer overflows in ntpd in NTP
before 4.2.8 allow remote attackers to execute arbitrary
code via a crafted packet, related to (1) the
crypto_recv function when the Autokey Authentication
feature is used, (2) the ctl_putdata function, and (3)
the configure function. (CVE-2014-9295)
- The receive function in ntp_proto.c in ntpd in NTP
before 4.2.8 continues to execute after detecting a
certain authentication error, which might allow remote
attackers to trigger an unintended association change
via crafted packets. (CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 80934 | published | 2015-01-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80934 | title | Oracle Solaris Third-Party Patch Update : ntp (multiple_vulnerabilities_in_ntp) |
NASL family | OracleVM Local Security Checks | NASL id | ORACLEVM_OVMSA-2014-0085.NASL | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- don't generate weak control key for resolver
(CVE-2014-9293)
- don't generate weak MD5 keys in ntp-keygen
(CVE-2014-9294)
- fix buffer overflows via specially-crafted packets
(CVE-2014-9295)
- don't mobilize passive association when authentication
fails (CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-07-24 | plugin id | 80248 | published | 2014-12-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80248 | title | OracleVM 3.3 : ntp (OVMSA-2014-0085) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20141220_NTP_ON_SL6_X.NASL | description | Multiple buffer overflow flaws were discovered in ntpd's
crypto_recv(), ctl_putdata(), and configure() functions. A remote
attacker could use either of these flaws to send a specially crafted
request packet that could crash ntpd or, potentially, execute
arbitrary code with the privileges of the ntp user. Note: the
crypto_recv() flaw requires non-default configurations to be active,
while the ctl_putdata() flaw, by default, can only be exploited via
local attackers, and the configure() flaw requires additional
authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its
internal use if no ntpdc request authentication key was specified in
the ntp.conf configuration file. A remote attacker able to match the
configured IP restrictions could guess the generated key, and possibly
use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5
keys. This could possibly allow an attacker to guess generated MD5
keys that could then be used to spoof an NTP client or server. Note:
it is recommended to regenerate any MD5 keys that had explicitly been
generated with ntp-keygen; the default installation does not contain
such keys. (CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)
After installing the update, the ntpd daemon will restart
automatically. | last seen | 2019-01-16 | modified | 2018-12-28 | plugin id | 80164 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80164 | title | Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64 |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2014-2024.NASL | description | Updated ntp packages that fix several security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's
time with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's
crypto_recv(), ctl_putdata(), and configure() functions. A remote
attacker could use either of these flaws to send a specially crafted
request packet that could crash ntpd or, potentially, execute
arbitrary code with the privileges of the ntp user. Note: the
crypto_recv() flaw requires non-default configurations to be active,
while the ctl_putdata() flaw, by default, can only be exploited via
local attackers, and the configure() flaw requires additional
authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its
internal use if no ntpdc request authentication key was specified in
the ntp.conf configuration file. A remote attacker able to match the
configured IP restrictions could guess the generated key, and possibly
use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5
keys. This could possibly allow an attacker to guess generated MD5
keys that could then be used to spoof an NTP client or server. Note:
it is recommended to regenerate any MD5 keys that had explicitly been
generated with ntp-keygen; the default installation does not contain
such keys. (CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing
the update, the ntpd daemon will restart automatically. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 80160 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80160 | title | RHEL 6 / 7 : ntp (RHSA-2014:2024) |
NASL family | CISCO | NASL id | CISCO-SN-CSCUS27229-IOSXR.NASL | description | The remote Cisco device is running a version of IOS XR software that
is affected by the following vulnerabilities :
- Errors exist related to weak cryptographic pseudorandom
number generation (PRNG), the functions 'ntp_random' and
'config_auth', and the 'ntp-keygen' utility. A
man-in-the-middle attacker can exploit these to disclose
sensitive information. (CVE-2014-9293, CVE-2014-9294)
- Multiple stack-based buffer overflow errors exist in the
Network Time Protocol daemon (ntpd), which a remote
attacker can exploit to execute arbitrary code or cause
a denial of service by using a specially crafted packet.
(CVE-2014-9295)
- An error exists in the 'receive' function in the Network
Time Protocol daemon (ntpd) that allows denial of
service attacks. (CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 81913 | published | 2015-03-18 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=81913 | title | Cisco IOS XR NCS 6000 Multiple ntpd Vulnerabilities |
NASL family | CISCO | NASL id | CISCO-SN-CSCUS26956-IOSXR.NASL | description | The remote Cisco device is running a version of IOS XR software that
is affected by the following vulnerabilities :
- Errors exist related to weak cryptographic pseudorandom
number generation (PRNG), the functions 'ntp_random' and
'config_auth', and the 'ntp-keygen' utility. A
man-in-the-middle attacker can exploit these to disclose
sensitive information. (CVE-2014-9293, CVE-2014-9294)
- Multiple stack-based buffer overflow errors exist in the
Network Time Protocol daemon (ntpd), which a remote
attacker can exploit to execute arbitrary code or cause
a denial of service by using a specially crafted packet.
(CVE-2014-9295)
- An error exists in the 'receive' function in the Network
Time Protocol daemon (ntpd) that allows denial of
service attacks. (CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 81912 | published | 2015-03-18 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=81912 | title | Cisco IOS XR Multiple ntpd Vulnerabilities |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2014-17361.NASL | description | Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293,
CVE-2014-9296
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2015-11-01 | plugin id | 80147 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80147 | title | Fedora 20 : ntp-4.2.6p5-19.fc20 (2014-17361) |
NASL family | CISCO | NASL id | CISCO_PRIME_LMS_SA-20141222-NTPD.NASL | description | According to its self-reported version number, the Cisco Prime LAN
Management Solution running on the remote host is affected by multiple
vulnerabilities :
- A security weakness exists due to the config_auth()
function improperly generating default keys when no
authentication key is defined in the 'ntp.conf' file.
Key size is limited to 31 bits and the insecure
ntp_random() function is used, resulting in
cryptographically weak keys with insufficient entropy.
This allows a remote attacker to defeat cryptographic
protection mechanisms via a brute-force attack.
(CVE-2014-9293)
- A security weakness exists due to the use of a weak seed
to prepare a random number generator used to generate
symmetric keys. This allows remote attackers to defeat
cryptographic protection mechanisms via a brute-force
attack. (CVE-2014-9294)
- Multiple stack-based buffer overflows exist due to
improperly validated user-supplied input when handling
packets in the crypto_recv(), ctl_putdata(), and
configure() functions when using autokey authentication.
This allows a remote attacker, via a specially crafted
packet, to cause a denial of service condition or
execute arbitrary code. (CVE-2014-9295)
- An unspecified vulnerability exists due to missing return
statements in the receive() function, resulting in
continued processing even when an authentication error
is encountered. This allows a remote attacker, via
crafted packets, to trigger unintended association
changes. (CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 83877 | published | 2015-05-28 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83877 | title | Cisco Prime LAN Management Solution ntpd Multiple Vulnerabilities |
NASL family | CISCO | NASL id | CISCO-SA-20141222-NTPD-NXOS.NASL | description | The remote Cisco device is running a version of NX-OS software that
is affected by the following vulnerabilities :
- Errors exist related to weak cryptographic pseudorandom
number generation (PRNG), the functions 'ntp_random' and
'config_auth', and the 'ntp-keygen' utility. A
man-in-the-middle attacker can exploit these to disclose
sensitive information. (CVE-2014-9293, CVE-2014-9294)
- Multiple stack-based buffer overflow errors exist in the
Network Time Protocol daemon (ntpd), which a remote
attacker can exploit to execute arbitrary code or cause
a denial of service by using a specially crafted packet.
(CVE-2014-9295)
- An error exists in the 'receive' function in the Network
Time Protocol daemon (ntpd) that allows denial of
service attacks. (CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 81911 | published | 2015-03-18 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=81911 | title | Cisco NX-OS Multiple ntpd Vulnerabilities |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2014-17395.NASL | description | Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293,
CVE-2014-9296
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2015-11-01 | plugin id | 80310 | published | 2015-01-02 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80310 | title | Fedora 19 : ntp-4.2.6p5-13.fc19 (2014-17395) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DSA-3108.NASL | description | Several vulnerabilities were discovered in the ntp package, an
implementation of the Network Time Protocol.
- CVE-2014-9293
ntpd generated a weak key for its internal use, with
full administrative privileges. Attackers could use this
key to reconfigure ntpd (or to exploit other
vulnerabilities).
- CVE-2014-9294
The ntp-keygen utility generated weak MD5 keys with
insufficient entropy.
- CVE-2014-9295
ntpd had several buffer overflows (both on the stack and
in the data section), allowing remote authenticated
attackers to crash ntpd or potentially execute arbitrary
code.
- CVE-2014-9296
The general packet processing function in ntpd did not
handle an error case correctly.
The default ntpd configuration in Debian restricts access to localhost
(and possibly the adjacent network in case of IPv6).
Keys explicitly generated by 'ntp-keygen -M' should be regenerated. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 80208 | published | 2014-12-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80208 | title | Debian DSA-3108-1 : ntp - security update |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-201412-34.NASL | description | The remote host is affected by the vulnerability described in GLSA-201412-34
(NTP: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in NTP. Please review the
CVE identifiers referenced below for details.
Impact :
A remote unauthenticated attacker may be able to execute arbitrary code
with the privileges of the process, cause a Denial of Service condition,
and obtain sensitive information that could assist in other attacks.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2015-11-01 | plugin id | 80239 | published | 2014-12-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80239 | title | GLSA-201412-34 : NTP: Multiple vulnerabilities |
NASL family | CGI abuses | NASL id | CISCO-SA-20141222-NTPD-PRSM.NASL | description | According to its self-reported version number, the version of Cisco
Prime Security Manager running on the remote host is prior to 9.3.3.2.
It is, therefore, affected by multiple vulnerabilities in the bundled
NTP libraries :
- A security weakness exists due to the config_auth()
function improperly generating default keys when no
authentication key is defined in the 'ntp.conf' file.
Key size is limited to 31 bits and the insecure
ntp_random() function is used, resulting in
cryptographically-weak keys with insufficient entropy.
This allows a remote attacker to defeat cryptographic
protection mechanisms via a brute-force attack.
(CVE-2014-9293)
- A security weakness exists due to the use of a weak seed
to prepare a random number generator used to generate
symmetric keys. This allows remote attackers to defeat
cryptographic protection mechanisms via a brute-force
attack. (CVE-2014-9294)
- Multiple stack-based buffer overflows exist due to
improperly validated user-supplied input when handling
packets in the crypto_recv(), ctl_putdata(), and
configure() functions when using autokey authentication.
This allows a remote attacker, via a specially crafted
packet, to cause a denial of service condition or
execute arbitrary code. (CVE-2014-9295)
- An unspecified vulnerability exists due to missing return
statements in the receive() function, resulting in
continued processing even when an authentication error
is encountered. This allows a remote attacker, via
crafted packets, to trigger unintended association
changes. (CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 81980 | published | 2015-03-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=81980 | title | Cisco Prime Security Manager Network Time Protocol Daemon (ntpd) Multiple Vulnerabilities (cisco-sa-20141222-ntpd) |
NASL family | Ubuntu Local Security Checks | NASL id | UBUNTU_USN-2449-1.NASL | description | Neel Mehta discovered that NTP generated weak authentication keys. A
remote attacker could possibly use this issue to brute force the
authentication key and send requests if permitted by IP restrictions.
(CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and
spoof a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP
to crash, resulting in a denial of service, or possibly execute
arbitrary code. The default compiler options for affected releases
should reduce the vulnerability to a denial of service. In addition,
attackers would be isolated by the NTP AppArmor profile.
(CVE-2014-9295)
Stephen Roettger discovered that NTP incorrectly continued processing
when handling certain errors. (CVE-2014-9296).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-12-01 | plugin id | 80218 | published | 2014-12-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80218 | title | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2449-1) |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2014-2024.NASL | description | Updated ntp packages that fix several security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's
time with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's
crypto_recv(), ctl_putdata(), and configure() functions. A remote
attacker could use either of these flaws to send a specially crafted
request packet that could crash ntpd or, potentially, execute
arbitrary code with the privileges of the ntp user. Note: the
crypto_recv() flaw requires non-default configurations to be active,
while the ctl_putdata() flaw, by default, can only be exploited via
local attackers, and the configure() flaw requires additional
authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its
internal use if no ntpdc request authentication key was specified in
the ntp.conf configuration file. A remote attacker able to match the
configured IP restrictions could guess the generated key, and possibly
use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5
keys. This could possibly allow an attacker to guess generated MD5
keys that could then be used to spoof an NTP client or server. Note:
it is recommended to regenerate any MD5 keys that had explicitly been
generated with ntp-keygen; the default installation does not contain
such keys. (CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing
the update, the ntpd daemon will restart automatically. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 80124 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80124 | title | CentOS 6 / 7 : ntp (CESA-2014:2024) |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2014-2024.NASL | description | From Red Hat Security Advisory 2014:2024 :
Updated ntp packages that fix several security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer's
time with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's
crypto_recv(), ctl_putdata(), and configure() functions. A remote
attacker could use either of these flaws to send a specially crafted
request packet that could crash ntpd or, potentially, execute
arbitrary code with the privileges of the ntp user. Note: the
crypto_recv() flaw requires non-default configurations to be active,
while the ctl_putdata() flaw, by default, can only be exploited via
local attackers, and the configure() flaw requires additional
authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its
internal use if no ntpdc request authentication key was specified in
the ntp.conf configuration file. A remote attacker able to match the
configured IP restrictions could guess the generated key, and possibly
use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5
keys. This could possibly allow an attacker to guess generated MD5
keys that could then be used to spoof an NTP client or server. Note:
it is recommended to regenerate any MD5 keys that had explicitly been
generated with ntp-keygen; the default installation does not contain
such keys. (CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing
the update, the ntpd daemon will restart automatically. | last seen | 2019-01-16 | modified | 2018-07-18 | plugin id | 80154 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80154 | title | Oracle Linux 6 / 7 : ntp (ELSA-2014-2024) |
NASL family | Amazon Linux Local Security Checks | NASL id | ALA_ALAS-2014-462.NASL | description | It was found that ntpd automatically generated weak keys for its
internal use if no ntpdc request authentication key was specified in
the ntp.conf configuration file. A remote attacker able to match the
configured IP restrictions could guess the generated key, and possibly
use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5
keys. This could possibly allow an attacker to guess generated MD5
keys that could then be used to spoof an NTP client or server. Note:
it is recommended to regenerate any MD5 keys that had explicitly been
generated with ntp-keygen; the default installation does not contain
such keys. (CVE-2014-9294)
Multiple buffer overflow flaws were discovered in ntpd's
crypto_recv(), ctl_putdata(), and configure() functions. A remote
attacker could use any of these flaws to send a specially crafted
request packet that could crash ntpd or, potentially, execute
arbitrary code with the privileges of the ntp user. Note: the
crypto_recv() flaw requires non-default configurations to be active,
while the ctl_putdata() flaw, by default, can only be exploited via
local attackers, and the configure() flaw requires additional
authentication to exploit. (CVE-2014-9295)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296) | last seen | 2019-01-16 | modified | 2018-04-18 | plugin id | 80122 | published | 2014-12-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80122 | title | Amazon Linux AMI : ntp (ALAS-2014-462) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2014-17367.NASL | description | Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293,
CVE-2014-9296
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2015-11-01 | plugin id | 80237 | published | 2014-12-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=80237 | title | Fedora 21 : ntp-4.2.6p5-25.fc21 (2014-17367) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DLA-116.NASL | description | Several vulnerabilities were discovered in the ntp package, an
implementation of the Network Time Protocol.
CVE-2014-9293
ntpd generated a weak key for its internal use, with full
administrative privileges. Attackers could use this key to reconfigure
ntpd (or to exploit other vulnerabilities).
CVE-2014-9294
The ntp-keygen utility generated weak MD5 keys with insufficient
entropy.
CVE-2014-9295
ntpd had several buffer overflows (both on the stack and in the data
section), allowing remote authenticated attackers to crash ntpd or
potentially execute arbitrary code.
CVE-2014-9296
The general packet processing function in ntpd did not handle an error
case correctly.
The default ntpd configuration in Debian restricts access to localhost
(and possibly the adjacent network in case of IPv6).
Keys explicitly generated by 'ntp-keygen -M' should be regenerated.
For the oldstable distribution (squeeze), these problems have been
fixed in version 4.2.6.p2+dfsg-1+deb6u1.
We recommend that you upgrade your heirloom-mailx packages.
Thanks to Florian Weimer for the Red Hat security update.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues. | last seen | 2019-01-16 | modified | 2018-07-06 | plugin id | 82099 | published | 2015-03-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=82099 | title | Debian DLA-116-1 : ntp security update |
NASL family | CISCO | NASL id | CISCO-SA-20141222-NTPD-PRIME_DCNM.NASL | description | According to its self-reported version number, the Cisco Prime Data
Center Network Manager (DCNM) running on the remote host is affected
by multiple vulnerabilities :
- A security weakness exists due to the config_auth()
function improperly generating default keys when no
authentication key is defined in the 'ntp.conf' file.
Key size is limited to 31 bits and the insecure
ntp_random() function is used, resulting in
cryptographically weak keys with insufficient entropy.
This allows a remote attacker to defeat cryptographic
protection mechanisms via a brute-force attack.
(CVE-2014-9293)
- A security weakness exists due to the use of a weak seed
to prepare a random number generator used to generate
symmetric keys. This allows remote attackers to defeat
cryptographic protection mechanisms via a brute-force
attack. (CVE-2014-9294)
- Multiple stack-based buffer overflows exist due to
improperly validated user-supplied input when handling
packets in the crypto_recv(), ctl_putdata(), and
configure() functions when using autokey authentication.
This allows a remote attacker, via a specially crafted
packet, to cause a denial of service condition or
execute arbitrary code. (CVE-2014-9295)
- An unspecified vulnerability exists due to missing return
statements in the receive() function, resulting in
continued processing even when an authentication error
is encountered. This allows a remote attacker, via
crafted packets, to trigger unintended association
changes. (CVE-2014-9296)
- A security bypass vulnerability exists in the function
read_network_packet() due to a failure to restrict ::1
source addresses on IPv6 interfaces. This allows a
remote attacker to bypass configured ACLs based on ::1.
(CVE-2014-9298)
This plugin determines if DCNM is vulnerable by checking the version
number displayed in the web interface. The web interface is not
available in older versions of DCNM. | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 83876 | published | 2015-05-28 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83876 | title | Cisco Prime Data Center Network Manager ntpd Multiple Vulnerabilities (uncredentialed check) |
NASL family | HP-UX Local Security Checks | NASL id | HPUX_PHNE_44235.NASL | description | s700_800 11.11 NTP timeservices upgrade plus utilities :
Potential security vulnerabilities have been identified with HP-UX
running NTP. These could be exploited remotely to execute code, create
a Denial of Service (DoS), or other vulnerabilities. References:
- CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332)
- CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)
- CVE-2014-9295 - Stack Buffer Overflow (CWE-121)
- CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)
- CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754)
SSRT101872 VU#852879. | last seen | 2019-01-16 | modified | 2018-07-12 | plugin id | 82682 | published | 2015-04-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=82682 | title | HP-UX PHNE_44235 : s700_800 11.11 NTP timeservices upgrade plus utilities |
NASL family | HP-UX Local Security Checks | NASL id | HPUX_PHNE_44236.NASL | description | s700_800 11.23 NTP timeservices upgrade plus utilities :
Potential security vulnerabilities have been identified with HP-UX
running NTP. These could be exploited remotely to execute code, create
a Denial of Service (DoS), or other vulnerabilities. References:
- CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332)
- CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)
- CVE-2014-9295 - Stack Buffer Overflow (CWE-121)
- CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)
- CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754)
SSRT101872 VU#852879. | last seen | 2019-01-16 | modified | 2018-07-12 | plugin id | 82683 | published | 2015-04-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=82683 | title | HP-UX PHNE_44236 : s700_800 11.23 NTP timeservices upgrade plus utilities |
|