ntp-4.2.6p5-22.0.1.el7.AXS7
エラータID: AXSA:2015-852:03
リリース日:
2015/12/01 Tuesday - 19:25
題名:
ntp-4.2.6p5-22.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- NTP の ntpd の ntp_crypto.c には,Autokey 認証が有効な場合,長さ
値のフィールドに不正な値を持つ拡張フィールドを含むパケットによって,
リモートの攻撃者が機密情報を取得する,あるいはサービス拒否 (デーモンの
クラッシュ) を引き起こす脆弱性があります。(CVE-2014-9750)
- NTP の ntpd の ntp_io.c には read_network_packet 関数は,ソース IP
アドレスが IPv6 のループバックアドレスであるかどうかを断定しておらず,
ランタイムの状態を読み書きしやすくする脆弱性があります (CVE-2014-9751)。
- NTP の ntpd の ntp_proto.c の receive 関数の symmetric-key 機能には,
ある不正なパケットを受け取る際に,ステートの変数のアップデートを行い,
ピアのソース IP アドレスを偽ることによって,攻撃者がサービス拒否 (同期の
損失) を引き起こす脆弱性があります。(CVE-2015-1799)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-9297
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2014-9298
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2014-9750
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
CVE-2014-9751
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
CVE-2015-1798
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
CVE-2015-1799
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
CVE-2015-3405
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
追加情報:
N/A
ダウンロード:
SRPMS
- ntp-4.2.6p5-22.0.1.el7.AXS7.src.rpm
MD5: c56e70bea53a95a5e65c936432d7a43a
SHA-256: 0868cadaade5150962265aaac2c9a0191b80ed1f6e8e85bc11d35b757ec30fed
Size: 4.11 MB
Asianux Server 7 for x86_64
- ntp-4.2.6p5-22.0.1.el7.AXS7.x86_64.rpm
MD5: 0851aa1fe713c49ef73ea56801fca28c
SHA-256: ac916a77cb6042d602b1f0798cd9592124b1cf7a427ed5acfaefaac69abcffeb
Size: 542.37 kB - ntpdate-4.2.6p5-22.0.1.el7.AXS7.x86_64.rpm
MD5: 7c0c504ca758f54d59f72f72d3ff0ac8
SHA-256: c94ef3bbf3315abeaf5b6be0e9aeff4f79f78a282d7d54b406b445f6b41a943c
Size: 82.86 kB
English