Описание
Security update for ntp
This ntp update provides the following security and non security fixes:
- Update to 4.2.8p4 to fix several security issues (bsc#951608):
- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK
- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values
- CVE-2015-7854: Password Length Memory Corruption Vulnerability
- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow
- CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
- CVE-2015-7851 saveconfig Directory Traversal Vulnerability
- CVE-2015-7850 remote config logfile-keyfile
- CVE-2015-7849 trusted key use-after-free
- CVE-2015-7848 mode 7 loop counter underrun
- CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
- CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally
- CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field
- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
- Add a controlkey to ntp.conf to make the above work.
- Improve runtime configuration:
- Read keytype from ntp.conf
- Don't write ntp keys to syslog.
- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.
- Fix the comment regarding addserver in ntp.conf (bnc#910063).
- Remove ntp.1.gz, it wasn't installed anymore.
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587).
- Remove 'kod' from the restrict line in ntp.conf (bsc#944300).
- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
- Require perl-Socket6 (bsc#942441).
- Fix incomplete backporting of 'rcntp ntptimemset'.
Список пакетов
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
Ссылки
- Link for SUSE-SU-2015:2058-1
- E-Mail link for SUSE-SU-2015:2058-1
- SUSE Security Ratings
- SUSE Bug 905885
- SUSE Bug 910063
- SUSE Bug 936327
- SUSE Bug 942441
- SUSE Bug 942587
- SUSE Bug 944300
- SUSE Bug 951608
- SUSE CVE CVE-2015-7691 page
- SUSE CVE CVE-2015-7692 page
- SUSE CVE CVE-2015-7701 page
- SUSE CVE CVE-2015-7702 page
- SUSE CVE CVE-2015-7703 page
- SUSE CVE CVE-2015-7704 page
- SUSE CVE CVE-2015-7705 page
- SUSE CVE CVE-2015-7848 page
- SUSE CVE CVE-2015-7849 page
- SUSE CVE CVE-2015-7850 page
Описание
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
Затронутые продукты
Ссылки
- CVE-2015-7691
- SUSE Bug 1010964
- SUSE Bug 911792
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
Затронутые продукты
Ссылки
- CVE-2015-7692
- SUSE Bug 1010964
- SUSE Bug 911792
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
Затронутые продукты
Ссылки
- CVE-2015-7701
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
Затронутые продукты
Ссылки
- CVE-2015-7702
- SUSE Bug 1010964
- SUSE Bug 911792
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
Затронутые продукты
Ссылки
- CVE-2015-7703
- SUSE Bug 1010964
- SUSE Bug 943216
- SUSE Bug 943218
- SUSE Bug 943219
- SUSE Bug 943221
- SUSE Bug 951608
- SUSE Bug 959243
Описание
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
Затронутые продукты
Ссылки
- CVE-2015-7704
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 952611
- SUSE Bug 959243
- SUSE Bug 977446
Описание
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Затронутые продукты
Ссылки
- CVE-2015-7705
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 952611
- SUSE Bug 959243
Описание
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.
Затронутые продукты
Ссылки
- CVE-2015-7848
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Затронутые продукты
Ссылки
- CVE-2015-7849
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
Затронутые продукты
Ссылки
- CVE-2015-7850
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
Затронутые продукты
Ссылки
- CVE-2015-7851
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
Описание
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
Затронутые продукты
Ссылки
- CVE-2015-7852
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Затронутые продукты
Ссылки
- CVE-2015-7853
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Затронутые продукты
Ссылки
- CVE-2015-7854
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
Затронутые продукты
Ссылки
- CVE-2015-7855
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 959243
- SUSE Bug 992991
Описание
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Затронутые продукты
Ссылки
- CVE-2015-7871
- SUSE Bug 1010964
- SUSE Bug 951608
- SUSE Bug 952606
- SUSE Bug 959243