ntp-4.2.6p5-22.2.0.1.el7.AXS7
エラータID: AXSA:2016-476:01
リリース日:
2016/06/08 Wednesday - 16:39
題名:
ntp-4.2.6p5-22.2.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- NTP には,ブロードキャストクライアントへの不正な認証を行うブロードキャスト
パケットを送信することによって,リモートの攻撃者がサービス拒否 (クライアント
サーバの通信の切断) を引き起こす脆弱性があります。(CVE-2015-7979)
- 現時点では CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2015-7979
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
CVE-2016-1547
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
CVE-2016-1548
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
CVE-2016-2518
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
追加情報:
N/A
ダウンロード:
SRPMS
- ntp-4.2.6p5-22.2.0.1.el7.AXS7.src.rpm
MD5: 35ba9c2592b3a5700c23e2fc9e65c798
SHA-256: 3c18247e35792549f3943c199e3c79cd21cb4576587956cac093297dea4a51d5
Size: 4.11 MB
Asianux Server 7 for x86_64
- ntp-4.2.6p5-22.2.0.1.el7.AXS7.x86_64.rpm
MD5: 6d9b306bc5d941a63bf514413295f295
SHA-256: 750c999f4a11d4b3a653169b2ea09a08a2c1c1c23bbff7cba532161f22ca0d68
Size: 542.84 kB - ntpdate-4.2.6p5-22.2.0.1.el7.AXS7.x86_64.rpm
MD5: bfff9d4a305701fdc9faf0862a21dc84
SHA-256: 5cd7dad9ed72a97de564a5c2968518d13cacf5187a9998f2860c97e56ace78d6
Size: 83.36 kB
English