Bug 38245 - ntp: Multiple issues (3.2)
ntp: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-6-errata
Assigned To: Janek Walkenhorst
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-04-13 14:36 CEST by Arvid Requate
Modified: 2015-07-16 15:11 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-04-13 14:36:14 CEST
Man-in-the-middle attackers may spoof packets by omitting the MAC because the symmetric-key feature in the receive function in ntp_proto.c requires a correct MAC only if the MAC field has a nonzero length (CVE-2015-1798)

Man-in-the-middle attackers may cause a denial of service (synchronization loss) by spoofing the source IP address of a peer because the symmetric-key feature in the receive function in ntp_proto.c performs state-variable updates upon receiving certain invalid packets (CVE-2015-1799)
Comment 1 Arvid Requate univentionstaff 2015-05-06 16:40:40 CEST
Fixed in upstream Debian package version 1:4.2.6.p2+dfsg-1+deb6u3
Comment 2 Janek Walkenhorst univentionstaff 2015-06-05 16:04:47 CEST
Tests (i386): OK
Advisory: 2015-06-05-ntp.yaml
Comment 3 Philipp Hahn univentionstaff 2015-06-12 15:06:12 CEST
r61218 | Bug #38245 ntp: Fix YAML
 Fix wrong bug reference: 3[6→8]245
Comment 4 Philipp Hahn univentionstaff 2015-06-30 18:54:21 CEST
OK: ucr set timeserver{=0,2=2,3=3}.debian.pool.ntp.org
OK: ntpq -p
OK: ntpdate 10.200.17.24 <-> 10.200.17.25
OK: i386 amd64

OK: /usr/share/doc/ntp/changelog.Debian.gz
OK: 1:4.2.6.p2+dfsg-1+deb6u3
OK: CVE-2015-1798
OK: CVE-2015-1799

FIXED: 2015-06-05-ntp.yaml → r61585
OK: errata-announce -V 2015-06-05-ntp.yaml
Comment 5 Janek Walkenhorst univentionstaff 2015-07-16 15:11:23 CEST
<http://errata.univention.de/ucs/3.2/343.html>