NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
Original Release date: 02 Jun 2016 | Last revised: 02 Jun 2016

Overview
NTP.org’s reference implementation of NTP server, ntpd, contains multiple vulnerabilities.

Description

NTP.org’s reference implementation of NTP server, ntpd, contains multiple vulnerabilities.

A brief overview follows, but details may be found in NTP’s security advisory listing and in the individual links below.
CRYPTO-NAK denial of service introduced in Sec 3007 patch.
See Sec 3046, CVE-2016-4957.

The CVSS score below describes this vulnerability.Bad authentication demobilizes ephemeral associations.
See Sec 3045, CVE-2016-4953.Processing of spoofed server packets affects peer variables.
See Sec 3044, CVE-2016-4954.Autokey associations may be reset when repeatedly receiving spoofed packets.
See Sec 3043, CVE-2016-4955.Broadcast associations are not covered in Sec 2978 patch, which may be leveraged to flip broadcast clients into interleave mode.
See Sec 3042, CVE-2016-4956.

Impact

Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions.

Solution

Apply an updateThe vendor has released version 4.2.8p8 to address these issues. Users are encouraged to update to the latest release.

Those unable to update should consider mitigations listed in NTP’s security advisory listing.

Vendor Information (Learn More)
Vendor
Status
Date Notified
Date Updated
NTP Project
Affected
25 May 2016
02 Jun 2016
ACCESS
Unknown
27 May 2016
27 May 2016
Alcatel-Lucent
Unknown
27 May 2016
27 May 2016
Apple
Unknown
27 May 2016
27 May 2016
Arista Networks, Inc.
Unknown
27 May 2016
27 May 2016
Aruba Networks
Unknown
27 May 2016
27 May 2016
AT&T
Unknown
27 May 2016
27 May 2016
Avaya, Inc.
Unknown
27 May 2016
27 May 2016
Belkin, Inc.
Unknown
27 May 2016
27 May 2016
Blue Coat Systems
Unknown
27 May 2016
27 May 2016
CA Technologies
Unknown
27 May 2016
27 May 2016
CentOS
Unknown
27 May 2016
27 May 2016
Check Point Software Technologies
Unknown
27 May 2016
27 May 2016
Cisco
Unknown
27 May 2016
27 May 2016
CoreOS
Unknown
27 May 2016
27 May 2016
If you are a vendor and your product is affected, let us know.View More »CVSS Metrics (Learn More)
Group
Score
Vector
Base
7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal
6.4
E:F/RL:OF/RC:C
Environmental
6.4
CDP:N/TD:H/CR:ND/IR:ND/AR:ND

References

Credit
The NTP Project credits Nicolas Edet of Cisco, Miroslav Lichvar of Red Hat, and Jakub Prokes of Red Hat for reporting these vulnerabilities.
This document was written by Joel Land.

Other Information

Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.