Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

On April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system's time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix.

The new vulnerabilities disclosed in this document are as follows:

• CVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability
• CVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability
• CVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability
• CVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks
• CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability
• CVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd
• CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated
• CVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC
• CVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked

The two vulnerabilities that were were previously disclosed without a complete fix are as follows:

• CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
• CVE-2015-7704: Network Time Protocol Packet Processing Denial of Service Vulnerability

Those vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:

• Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
• Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016

Additional details about each vulnerability are in the NTP Consortium Security Notice.

Cisco will release software updates that address these vulnerabilities.

Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.

This advisory is available at the following link:
http://ift.tt/1rCdaWz

Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

On April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system's time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix.

The new vulnerabilities disclosed in this document are as follows:

• CVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability
• CVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability
• CVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability
• CVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks
• CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability
• CVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd
• CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated
• CVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC
• CVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked

The two vulnerabilities that were were previously disclosed without a complete fix are as follows:

• CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
• CVE-2015-7704: Network Time Protocol Packet Processing Denial of Service Vulnerability

Those vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:

• Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
• Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016

Additional details about each vulnerability are in the NTP Consortium Security Notice.

Cisco will release software updates that address these vulnerabilities.

Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.

This advisory is available at the following link:
http://ift.tt/1rCdaWz


Security Impact Rating: Medium
CVE: CVE-2015-7704,CVE-2015-8138,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519

from Cisco Security Advisory http://ift.tt/1rCdaWz