Security update for ntp SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2016-1 Final 1 1 2015-11-10T14:50:30Z current 2015-11-10T14:50:30Z 2015-11-10T14:50:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ntp This ntp update provides the following security and non security fixes: - Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks * obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html E-Mail link for openSUSE-SU-2015:2016-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 ntp-4.2.8p4-9.2 ntp-doc-4.2.8p4-9.2 ntp-4.2.8p4-9.2 as a component of openSUSE Leap 42.1 ntp-doc-4.2.8p4-9.2 as a component of openSUSE Leap 42.1 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. CVE-2015-7691 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7691.html CVE-2015-7691 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/911792 SUSE Bug 911792 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. CVE-2015-7692 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7692.html CVE-2015-7692 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/911792 SUSE Bug 911792 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). CVE-2015-7701 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7701.html CVE-2015-7701 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. CVE-2015-7702 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7702.html CVE-2015-7702 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/911792 SUSE Bug 911792 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. CVE-2015-7703 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7703.html CVE-2015-7703 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/943216 SUSE Bug 943216 https://bugzilla.suse.com/943218 SUSE Bug 943218 https://bugzilla.suse.com/943219 SUSE Bug 943219 https://bugzilla.suse.com/943221 SUSE Bug 943221 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. CVE-2015-7704 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7704.html CVE-2015-7704 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/952611 SUSE Bug 952611 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/977446 SUSE Bug 977446 The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. CVE-2015-7705 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7705.html CVE-2015-7705 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/952611 SUSE Bug 952611 https://bugzilla.suse.com/959243 SUSE Bug 959243 An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. CVE-2015-7848 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7848.html CVE-2015-7848 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. CVE-2015-7849 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7849.html CVE-2015-7849 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. CVE-2015-7850 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7850.html CVE-2015-7850 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. CVE-2015-7851 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7851.html CVE-2015-7851 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. CVE-2015-7852 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7852.html CVE-2015-7852 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. CVE-2015-7853 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7853.html CVE-2015-7853 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. CVE-2015-7854 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7854.html CVE-2015-7854 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. CVE-2015-7855 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7855.html CVE-2015-7855 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. CVE-2015-7871 openSUSE Leap 42.1:ntp-4.2.8p4-9.2 openSUSE Leap 42.1:ntp-doc-4.2.8p4-9.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html https://www.suse.com/security/cve/CVE-2015-7871.html CVE-2015-7871 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/952606 SUSE Bug 952606 https://bugzilla.suse.com/959243 SUSE Bug 959243