Information leak/denial of service in autokey crypto handling (CVE-2014-9297)
ACLs restricting the access to control mode queries can be bypassed on IPv6 networks (CVE-2014-9298)
Man-in-the-middle attackers may spoof packets by omitting the MAC because the symmetric-key feature in the receive function in ntp_proto.c requires a correct MAC only if the MAC field has a nonzero length (CVE-2015-1798)
Man-in-the-middle attackers may cause a denial of service (synchronization loss) by spoofing the source IP address of a peer because the symmetric-key feature in the receive function in ntp_proto.c performs state-variable updates upon receiving certain invalid packets (CVE-2015-1799)
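The CVE-2015-1798 description above boils down to one control-flow mistake: the MAC was verified only when a MAC field was present, so a packet with no MAC at all passed as authenticated. The following added illustration is not code from the bug report or from ntpd; it is a simplified stand-in (a constructed 48-byte header, a single shared key, and the RFC 5905 style MD5 digest over key plus header) that shows the flawed acceptance rule next to the corrected one, which is the check a reviewer would want to see when confirming a fix of this kind.

```python
import hashlib
import hmac

# Constructed 48-byte NTP header stand-in (not a captured packet): LI/VN/mode byte
# followed by zeroed fields. Only its length and bytes matter for this example.
HEADER = b"\x23" + b"\x00" * 47
HEADER_LEN = 48
DIGEST_LEN = 16  # MD5 digest length used by NTPv4 symmetric-key MACs


def compute_mac(key: bytes, header: bytes) -> bytes:
    """NTPv4 symmetric-key MAC (simplified): MD5 over key || header, key id omitted."""
    return hashlib.md5(key + header).digest()


def vulnerable_accept(packet: bytes, key: bytes) -> bool:
    """Pre-fix behaviour as the report describes it: the MAC is only checked
    when the MAC field is non-empty, so a bare header is accepted unverified."""
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(mac) == 0:
        return True  # flaw: an absent MAC is treated as authenticated
    if len(mac) != DIGEST_LEN:
        return False
    return hmac.compare_digest(mac, compute_mac(key, header))


def fixed_accept(packet: bytes, key: bytes, require_auth: bool = True) -> bool:
    """Corrected rule: when a key is configured for the peer, a packet must carry
    a MAC of the expected length and it must verify; an empty MAC field fails."""
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(mac) == 0:
        return not require_auth  # no MAC is only acceptable for unauthenticated peers
    if len(mac) != DIGEST_LEN:
        return False  # malformed MAC field, never fall back to "unauthenticated"
    return hmac.compare_digest(mac, compute_mac(key, header))


def demo() -> dict:
    """Exercise both rules on a bare header, a correctly signed packet and a forged one."""
    key = b"constructed-shared-key"
    bare = HEADER                                    # no MAC field at all
    signed = HEADER + compute_mac(key, HEADER)       # genuine MAC
    forged = HEADER + b"\x00" * DIGEST_LEN           # wrong MAC, right length
    return {
        "vulnerable_bare": vulnerable_accept(bare, key),
        "fixed_bare": fixed_accept(bare, key),
        "fixed_signed": fixed_accept(signed, key),
        "fixed_forged": fixed_accept(forged, key),
        "fixed_bare_no_auth": fixed_accept(bare, key, require_auth=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'accepted' if result else 'rejected'}")
```

Running it shows the bare header accepted by the old rule and rejected by the corrected one, while a properly signed packet still verifies; the `require_auth` flag models a peer configured without a key, the only case in which a missing MAC is legitimate.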
Fixed in upstream Debian package version 1:4.2.6.p2+dfsg-1+deb6u3
squeeze-lts version built. Tests (i386, amd64): OK
Created attachment 6924 [details] advisory v2
Comment on attachment 6924 [details] advisory v2

A new update is available for Univention Corporate Server 3.1 as part of the extended security maintenance. It addresses the following problem:

Program component: ntp
Reference: CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799
Fixed version: 1:4.2.6.p2+dfsg-1.41.201505271824

This update fixed the following issues:
- Information leak/denial of service in autokey crypto handling (CVE-2014-9297)
- ACLs restricting the access to control mode queries can be bypassed on IPv6 networks (CVE-2014-9298)
- Man-in-the-middle attackers may spoof packets by omitting the MAC because the symmetric-key feature in the receive function in ntp_proto.c requires a correct MAC only if the MAC field has a nonzero length (CVE-2015-1798)
- Man-in-the-middle attackers may cause a denial of service (synchronization loss) by spoofing the source IP address of a peer because the symmetric-key feature in the receive function in ntp_proto.c performs state-variable updates upon receiving certain invalid packets (CVE-2015-1799)

--
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax : +49 421 22232-99
<info@univention.de>
http://www.univention.de/
Managing Director: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Tax no.: 71-597-02876
Created attachment 6925 [details] advisory v3

FIXED: attachment 6924 [details]
Fixed version: 1:4.2.6.p2+dfsg-1.41.201505271824
Missing blank
OK: apt-get upgrade
OK: /usr/share/doc/ntp/changelog.Debian.gz
FIXED: attachment 6924 [details]
Fixed version: 1:4.2.6.p2+dfsg-1.41.201505271824
Managing Director: Peter H. Ganten
OK: ucr set timeserver=1.debian.pool.ntp.org timeserver2=2.debian.pool.ntp.org timeserver3=3.debian.pool.ntp.org
OK: ntpq -p
Released