An update for ntp is now available for Red Hat Enterprise Linux 6.7 ExtendedUpdate Support.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
The Network Time Protocol (NTP) is used to synchronize a computer’s time withanother referenced time source.

These packages include the ntpd service whichcontinuously adjusts system time and utilities used to query and configure thentpd service.Security Fix(es):* It was found that when NTP was configured in broadcast mode, a remote attackercould broadcast packets with bad authentication to all clients.

The clients,upon receiving the malformed packets, would break the association with thebroadcast server, causing them to become out of sync over a longer period oftime. (CVE-2015-7979)* A denial of service flaw was found in the way NTP handled preemptable clientassociations.

A remote attacker could send several crypto NAK packets to avictim client, each with a spoofed source address of an existing associatedpeer, preventing that client from synchronizing its time. (CVE-2016-1547)* It was found that an ntpd client could be forced to change from basicclient/server mode to the interleaved symmetric mode.

A remote attacker coulduse a spoofed packet that, when processed by an ntpd client, would cause thatclient to reject all future legitimate server responses, effectively disablingtime synchronization on that client. (CVE-2016-1548)* A flaw was found in the way NTP’s libntp performed message authentication.

Anattacker able to observe the timing of the comparison function used in packetauthentication could potentially use this flaw to recover the message digest.(CVE-2016-1550)* An out-of-bounds access flaw was found in the way ntpd processed certainpackets.

An authenticated attacker could use a crafted packet to create a peerassociation with hmode of 7 and larger, which could potentially (although highlyunlikely) cause ntpd to crash. (CVE-2016-2518)The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).
For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258After installing this update, the ntpd daemon will restart automatically.Red Hat Enterprise Linux Server EUS (v. 6.7.z)

SRPMS:
ntp-4.2.6p5-5.el6_7.5.src.rpm
    MD5: eb02bf6f02ebde01ad912113ca5f5f0eSHA-256: b89545cd5e418b5ac7ab6a826ead6b36d11b4d4a8a0a56c1dc5cffbdd6ac7cc7
 
IA-32:
ntp-4.2.6p5-5.el6_7.5.i686.rpm
    MD5: 7bdb5b763bbf65c59a4f05ab0634cba8SHA-256: 213dbec2e4929be34464c15744fa0158bbe27cc0f4d3d59079072464ac74e303
ntp-debuginfo-4.2.6p5-5.el6_7.5.i686.rpm
    MD5: 041ad5a4e4f3dc210114690dba947145SHA-256: 558f5ffb319f2f7c5d3058dd641c0b8d0dd8834262e2ff14449153279ec47e81
ntp-doc-4.2.6p5-5.el6_7.5.noarch.rpm
    MD5: 270fcd33af1846f3350b0a72e246e26aSHA-256: ac9b0a51725e84174fb46f92e936111ea63bd8b6f054b17ca657cdde0c03171c
ntp-perl-4.2.6p5-5.el6_7.5.i686.rpm
    MD5: 71b096ca64002f205f9c4b6a6c3ccd58SHA-256: 4f6dae34dd986ab48d9a268109041bdc1ef6da5d74415df2adf7ec559e0d0763
ntpdate-4.2.6p5-5.el6_7.5.i686.rpm
    MD5: 2e90e8feef3dd739d8abdecfa3c61e54SHA-256: 9d028b21688c2bb9400d74eb7d6635f7f67c16f90150156cba344b1d31b29ebc
 
PPC:
ntp-4.2.6p5-5.el6_7.5.ppc64.rpm
    MD5: 1e27053ae6aa4929245e7ae9fd07d93fSHA-256: 7657319f196426e00ea137bdd708b895cb941609f587daf51033c93f056915ba
ntp-debuginfo-4.2.6p5-5.el6_7.5.ppc64.rpm
    MD5: d539e2b0066b8b500a5d2243f4898c6eSHA-256: 1b73127ca87c269dc6749368ff5739d57f7da352a13926a600d9cb0e0c830d5e
ntp-doc-4.2.6p5-5.el6_7.5.noarch.rpm
    MD5: 270fcd33af1846f3350b0a72e246e26aSHA-256: ac9b0a51725e84174fb46f92e936111ea63bd8b6f054b17ca657cdde0c03171c
ntp-perl-4.2.6p5-5.el6_7.5.ppc64.rpm
    MD5: 7397b2ba131ffac3c6599c2ac9256270SHA-256: 1dc23e27cbde6f1d1ba546ed290dcb3ac651c91da9c06514eceeb12bcaf638a7
ntpdate-4.2.6p5-5.el6_7.5.ppc64.rpm
    MD5: 85307a3ed7cc2c49285e307e5d986be7SHA-256: 38940846982e94b6ecb28a24917b5f5869f970acdbe37cb60a95b54e6c47d97a
 
s390x:
ntp-4.2.6p5-5.el6_7.5.s390x.rpm
    MD5: a13947a01adb7a76e67196873d88021fSHA-256: 67422af3b88ece93f44cb74c957226c3c5cb416a1242ac20ce081fb547cc9114
ntp-debuginfo-4.2.6p5-5.el6_7.5.s390x.rpm
    MD5: e8453d5896e6ccda397383c1c272e9c9SHA-256: c8e15f7b3990640d64184d06b0fa34aa17740f7ccacc9af4e833917a13f197f4
ntp-doc-4.2.6p5-5.el6_7.5.noarch.rpm
    MD5: 270fcd33af1846f3350b0a72e246e26aSHA-256: ac9b0a51725e84174fb46f92e936111ea63bd8b6f054b17ca657cdde0c03171c
ntp-perl-4.2.6p5-5.el6_7.5.s390x.rpm
    MD5: 036ef84acd553ac8e8e6008205763757SHA-256: e1e68a4b7ac0542386b92757de39e76d57335f429bb05688b9d8f607aba1641e
ntpdate-4.2.6p5-5.el6_7.5.s390x.rpm
    MD5: 913f4c7a253a5e556e6591c176676ba5SHA-256: 80e23073125a1c9a0c8e9f517da400e0a63381e825c0fff4a0391f7f6252d8db
 
x86_64:
ntp-4.2.6p5-5.el6_7.5.x86_64.rpm
    MD5: 4c8ca961ad424eeba70838d5ea9b1ddbSHA-256: 4eec9d2fdbccc5ac6d4dcfeaf73a109f11418605efea47aca5c76ee99af206a5
ntp-debuginfo-4.2.6p5-5.el6_7.5.x86_64.rpm
    MD5: db59853165448cb8eee1d0323620ae43SHA-256: 03041ec2313d808c386c80a01e28f6c3f0174a71b1bbac0d31d4a298eef812c0
ntp-doc-4.2.6p5-5.el6_7.5.noarch.rpm
    MD5: 270fcd33af1846f3350b0a72e246e26aSHA-256: ac9b0a51725e84174fb46f92e936111ea63bd8b6f054b17ca657cdde0c03171c
ntp-perl-4.2.6p5-5.el6_7.5.x86_64.rpm
    MD5: f29e3f1b8b972af94de6da92eb7964ccSHA-256: e7eb23f8f37d731e7348366c696be77908646eee6dc7afe5c4ec4bf3995f50e2
ntpdate-4.2.6p5-5.el6_7.5.x86_64.rpm
    MD5: e8e42b0c9b93dcebdaea9ffb2e7109b8SHA-256: b0e1c0cff17c0bce628c528b6dc4cd0a1b49797e970b706e11abeedffdc46866
 
(The unlinked packages above are only available from the Red Hat Network)

1300271 – CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode1331461 – CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service1331462 – CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets1331464 – CVE-2016-1550 ntp: libntp message digest disclosure1331468 – CVE-2016-2518 ntp: out-of-bounds references on crafted packet

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Leave a Reply