join
donate

NTP Bug 3011

Duplicate IPs on unconfig directives will cause an assertion botch in ntpd

  • Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
  • References: Sec 3011 / CVE-2016-2516 / VU#718152
  • Affects: All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92
  • CVSS2: MED 6.3 (AV:N/AC:M/Au:S/C:N/I:N/A:C)
  • CVSS3: MED 4.2 (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)
  • Summary: If ntpd was expressly configured to allow for remote configuration, a malicious user who knows the controlkey for ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) can create a session with ntpd and if an existing association is unconfigured using the same IP twice on the unconfig directive line, ntpd will abort.
  • Mitigation:
  • Credit: This weakness was discovered by Yihan Lian of the Cloud Security Team, Qihoo 360.


This topic: Main > SecurityNotice > NtpBug3011
Topic revision: r1 - 2016-04-27 - 03:15:33 - HarlanStenn
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback