Denial of Service : NTP.org 'ntpd' 'decodenetnum' And 'loop counter underrun' DoS Vulnerabilities

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.810221
Category:	Denial of Service
Title:	NTP.org 'ntpd' 'decodenetnum' And 'loop counter underrun' DoS Vulnerabilities
Summary:	NTP.org's reference implementation of NTP server, ntpd is prone to multiple denial of service vulnerabilities.
Description:	Summary: NTP.org's reference implementation of NTP server, ntpd is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple errors are due to: - CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK - CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values - CVE-2015-7854 Password Length Memory Corruption Vulnerability - CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow - CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability - CVE-2015-7851 saveconfig Directory Traversal Vulnerability - CVE-2015-7850 remote config logfile-keyfile - CVE-2015-7849 trusted key use-after-free - CVE-2015-7848 mode 7 loop counter underrun - CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC - CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally - CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks Vulnerability Impact: Successful exploitation will allow remote attackers to cause the application to crash, creating a denial-of-service condition. Affected Software/OS: NTPd version 4.x prior to 4.2.8p4 and 4.3.0 prior to 4.3.77. Solution: Update to version 4.2.8p4, 4.3.77 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7871 BugTraq ID: 77287 http://www.securityfocus.com/bid/77287 Debian Security Information: DSA-3388 (Google Search) http://www.debian.org/security/2015/dsa-3388 https://security.gentoo.org/glsa/201604-03 https://security.gentoo.org/glsa/201607-15 http://www.securitytracker.com/id/1033951 Common Vulnerability Exposure (CVE) ID: CVE-2015-7855 BugTraq ID: 77283 http://www.securityfocus.com/bid/77283 https://www.exploit-db.com/exploits/40840/ Common Vulnerability Exposure (CVE) ID: CVE-2015-7854 BugTraq ID: 77277 http://www.securityfocus.com/bid/77277 Common Vulnerability Exposure (CVE) ID: CVE-2015-7853 BugTraq ID: 77273 http://www.securityfocus.com/bid/77273 Bugtraq: 20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 (Google Search) http://www.securityfocus.com/archive/1/536737/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded Bugtraq: 20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp (Google Search) http://www.securityfocus.com/archive/1/536760/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded Bugtraq: 20151029 [slackware-security] ntp (SSA:2015-302-03) (Google Search) http://www.securityfocus.com/archive/1/536796/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded Bugtraq: 20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] (Google Search) http://www.securityfocus.com/archive/1/536833/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded Cisco Security Advisory: 20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html http://www.talosintel.com/vulnerability-reports/ https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html SuSE Security Announcement: openSUSE-SU-2015:2016 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html http://www.ubuntu.com/usn/USN-2783-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7852 BugTraq ID: 77288 http://www.securityfocus.com/bid/77288 RedHat Security Advisories: RHSA-2016:0780 http://rhn.redhat.com/errata/RHSA-2016-0780.html RedHat Security Advisories: RHSA-2016:2583 http://rhn.redhat.com/errata/RHSA-2016-2583.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7851 http://support.ntp.org/bin/view/Main/NtpBug2918 http://support.ntp.org/bin/view/Main/SecurityNotice http://www.talosintel.com/reports/TALOS-2015-0062/ Common Vulnerability Exposure (CVE) ID: CVE-2015-7850 BugTraq ID: 77279 http://www.securityfocus.com/bid/77279 Common Vulnerability Exposure (CVE) ID: CVE-2015-7849 BugTraq ID: 77276 http://www.securityfocus.com/bid/77276 Common Vulnerability Exposure (CVE) ID: CVE-2015-7848 BugTraq ID: 77275 http://www.securityfocus.com/bid/77275 http://www.talosintelligence.com/reports/TALOS-2015-0052/ Common Vulnerability Exposure (CVE) ID: CVE-2015-7701 BugTraq ID: 77281 http://www.securityfocus.com/bid/77281 Common Vulnerability Exposure (CVE) ID: CVE-2015-7703 BugTraq ID: 77278 http://www.securityfocus.com/bid/77278 Common Vulnerability Exposure (CVE) ID: CVE-2015-7704 BugTraq ID: 77280 http://www.securityfocus.com/bid/77280 CERT/CC vulnerability note: VU#718152 https://www.kb.cert.org/vuls/id/718152 https://eprint.iacr.org/2015/1020.pdf https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016 https://www.cs.bu.edu/~goldbe/NTPattack.html RedHat Security Advisories: RHSA-2015:1930 http://rhn.redhat.com/errata/RHSA-2015-1930.html RedHat Security Advisories: RHSA-2015:2520 http://rhn.redhat.com/errata/RHSA-2015-2520.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7705 BugTraq ID: 77284 http://www.securityfocus.com/bid/77284 https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 SuSE Security Announcement: SUSE-SU-2016:1278 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html SuSE Security Announcement: SUSE-SU-2016:1291 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html SuSE Security Announcement: SUSE-SU-2016:1471 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html SuSE Security Announcement: SUSE-SU-2016:1568 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html SuSE Security Announcement: openSUSE-SU-2016:1329 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7691 BugTraq ID: 77274 http://www.securityfocus.com/bid/77274 Common Vulnerability Exposure (CVE) ID: CVE-2015-7692 BugTraq ID: 77285 http://www.securityfocus.com/bid/77285 Common Vulnerability Exposure (CVE) ID: CVE-2015-7702 BugTraq ID: 77286 http://www.securityfocus.com/bid/77286
Copyright	Copyright (C) 2016 Greenbone AG