Bug 38244

Summary: ntp: multiple issues (4.0)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P5 CC: gohmann, jmm
Version: UCS 4.0Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:

Description Arvid Requate univentionstaff 2015-04-13 14:34:52 CEST 
Man-in-the-middle attackers may spoof packets by omitting the MAC because the symmetric-key feature in the receive function in ntp_proto.c requires a correct MAC only if the MAC field has a nonzero length (CVE-2015-1798)

Man-in-the-middle attackers may cause a denial of service (synchronization loss) by spoofing the source IP address of a peer because the symmetric-key feature in the receive function in ntp_proto.c performs state-variable updates upon receiving certain invalid packets (CVE-2015-1799)
Comment 1 Arvid Requate univentionstaff 2015-05-06 16:23:06 CEST 
Fixed in upstream Debian package version 1:4.2.6.p5+dfsg-2+deb7u4
Comment 2 Janek Walkenhorst univentionstaff 2015-06-05 16:01:47 CEST 
Tests (i386): OK
Advisory: 2015-06-05-ntp.yaml
Comment 3 Philipp Hahn univentionstaff 2015-06-15 11:08:42 CEST 
OK: amd64 i386
OK: apt-cache policy ntp
OK: ucr set timeserver{=1,2=2,3=3}.debian.pool.ntp.org;/etc/init.d/ntp restart;ntpq -p
OK: zless /usr/share/doc/ntp/changelog.Debian.gz
FIXED: 2015-06-05-ntp.yaml → r61249
OK: CVE-2015-1798 CVE-2015-1799
OK: errata-announce -V 2015-06-05-ntp.yaml
Comment 4 Janek Walkenhorst univentionstaff 2015-06-17 18:13:26 CEST 
<http://errata.univention.de/ucs/4.0/212.html>