Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server.

On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server’s advertised time. The vulnerabilities covered in this document are as follows: 

CVE-2015-7691 – Denial of Service AutoKey Malicious Message
CVE-2015-7692 – Denial of Service AutoKey Malicious Message
CVE-2015-7701 – Denial of Service CRYPTO_ASSOC Memory Leak
CVE-2015-7702 – Denial of Service AutoKey Malicious Message
CVE-2015-7703 – Configuration Directive File Overwrite Vulnerability
CVE-2015-7704 – Denial of Service by Spoofed Kiss-o’-Death
CVE-2015-7705 – Denial of Service by Priming the Pump
CVE-2015-7848 – Network Time Protocol ntpd Multiple Integer Overflow Read Access Violations
CVE-2015-7849 – Network Time Protocol Trusted Keys Memory Corruption Vulnerability
CVE-2015-7850 – Network Time Protocol Remote Configuration Denial of Service Vulnerability
CVE-2015-7851 – Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
CVE-2015-7852 – Network Time Protocol ntpq atoascii Memory Corruption Vulnerability
CVE-2015-7853 – Network Time Protocol Reference Clock Memory Corruption Vulnerability
CVE-2015-7854 – Network Time Protocol Password Length Memory Corruption Vulnerability
CVE-2015-7855 – Denial of Service Long Control Packet Message 
CVE-2015-7871 – NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability

Additional details on each of the vulnerabilities can be found at the following links:

Official Security Advisory from ntp.org: Security Notice
Boston University: Attacking the Network Time Protocol
Cisco TALOS: TALOS Vulnerability Reports

Cisco will release software updates that address these vulnerabilities.

Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

Leave a Reply