Security Information / 2015 / Security Information -- DSA-3223-1 ntp

Debian Security Advisory

DSA-3223-1 ntp -- security update

Date Reported:

12 Apr 2015

Affected Packages:

ntp

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 782095.
In Mitre's CVE dictionary: CVE-2015-1798, CVE-2015-1799, CVE-2015-3405.

More information:

Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol:

• CVE-2015-1798

  When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentication and send malicious packets without having to know the symmetric key.

• CVE-2015-1799

  When peering with other NTP hosts using authenticated symmetric association, ntpd would update its internal state variables before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers.

Additionally, it was discovered that generating MD5 keys using ntp-keygen on big endian machines would either trigger an endless loop, or generate non-random keys.

For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4.

For the unstable distribution (sid), these problems have been fixed in version 1:4.2.6.p5+dfsg-7.

We recommend that you upgrade your ntp packages.