977450 – (CVE-2016-1551) VUL-0: CVE-2016-1551: ntp: Refclock impersonation vulnerability, AKA: refclock-peering

Bug 977450 (CVE-2016-1551) - VUL-0: CVE-2016-1551: ntp: Refclock impersonation vulnerability, AKA: refclock-peering

Summary: VUL-0: CVE-2016-1551: ntp: Refclock impersonation vulnerability, AKA: refcloc...

Status:	RESOLVED FIXED

Alias:	CVE-2016-1551

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2016-06-21
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2016-1551:2.6:(AV:N/A...
Keywords:

Depends on:
Blocks:	977446
	Show dependency tree / graph

Clone This Bug

Reported:	2016-04-27 15:28 UTC by Marcus Meissner
Modified:	2016-08-18 15:52 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-04-27 15:28:51 UTC

+++ This bug was initially created as a clone of Bug #977446 +++


http://support.ntp.org/bin/view/Main/NtpBug3020


 Refclock impersonation vulnerability

    Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
    References: Sec 3020 / CVE-2016-1551 / VU#718152
    Affects: On a very limited number of OSes, all NTP releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92. By "very limited number of OSes" we mean no general-purpose OSes have yet been identified that have this vulnerability.
    CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
    CVSS3: LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
    Summary: While the majority OSes implement martian packet filtering in their network stack, at least regarding 127.0.0.0/8, a rare few will allow packets claiming to be from 127.0.0.0/8 that arrive over physical network. On these OSes, if ntpd is configured to use a reference clock an attacker can inject packets over the network that look like they are coming from that reference clock.
    Mitigation:
        Implement martian packet filtering and BCP-38.
        Configure ntpd to use an adequate number of time sources.
        Upgrade to 4.2.8p7, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page
        If you are unable to upgrade and if you are running an OS that has this vulnerability, implement martian packet filters and lobby your OS vendor to fix this problem, or run your refclocks on computers that use OSes that are not vulnerable to these attacks and have your vulnerable machines get their time from protected resources.
        Properly monitor your ntpd instances 
    Credit: This weakness was discovered by Matt Street and others of Cisco ASIG.

Comment 1 Swamp Workflow Management 2016-04-27 22:02:57 UTC

bugbot adjusting priority

Comment 4 Swamp Workflow Management 2016-05-11 16:09:07 UTC

SUSE-SU-2016:1278-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464
CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    ntp-4.2.8p7-11.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ntp-4.2.8p7-11.1

Comment 5 Swamp Workflow Management 2016-05-12 18:09:42 UTC

SUSE-SU-2016:1291-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464
CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    ntp-4.2.8p7-11.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ntp-4.2.8p7-11.1

Comment 7 Bernhard Wiedemann 2016-05-18 10:02:07 UTC

This is an autogenerated message for OBS integration:
This bug (977450) was mentioned in
https://build.opensuse.org/request/show/396591 13.2 / ntp

Comment 8 Swamp Workflow Management 2016-05-18 12:10:48 UTC

openSUSE-SU-2016:1329-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464
CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519
Sources used:
openSUSE Leap 42.1 (src):    ntp-4.2.8p7-21.1

Comment 9 Swamp Workflow Management 2016-05-27 13:20:45 UTC

openSUSE-SU-2016:1423-1: An update that fixes 37 vulnerabilities is now available.

Category: security (moderate)
Bug References: 782060,905885,910063,916617,920238,926510,936327,942587,944300,946386,951559,951608,951629,954982,956773,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464
CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519
Sources used:
openSUSE 13.2 (src):    ntp-4.2.8p7-25.15.1

Comment 10 Swamp Workflow Management 2016-06-01 16:08:52 UTC

SUSE-SU-2016:1471-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464
CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519
Sources used:
SUSE OpenStack Cloud 5 (src):    ntp-4.2.8p7-44.1
SUSE Manager Proxy 2.1 (src):    ntp-4.2.8p7-44.1
SUSE Manager 2.1 (src):    ntp-4.2.8p7-44.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    ntp-4.2.8p7-44.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    ntp-4.2.8p7-44.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    ntp-4.2.8p7-44.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    ntp-4.2.8p7-44.1

Comment 12 Swamp Workflow Management 2016-06-14 10:09:06 UTC

SUSE-SU-2016:1568-1: An update that solves 17 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 957226,962960,977450,977451,977452,977455,977457,977458,977459,977461,977464,979302,979981,981422,982064,982065,982066,982067,982068
CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957
Sources used:
SUSE Linux Enterprise Server 12 (src):    ntp-4.2.8p8-46.8.1
SUSE Linux Enterprise Desktop 12 (src):    ntp-4.2.8p8-46.8.1

Comment 13 Swamp Workflow Management 2016-06-14 15:36:03 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-06-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62822

Comment 14 Swamp Workflow Management 2016-07-29 17:14:14 UTC

SUSE-SU-2016:1912-1: An update that solves 43 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 782060,784760,905885,910063,916617,920183,920238,920893,920895,920905,924202,926510,936327,943218,943221,944300,951351,951559,951629,952611,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977450,977451,977452,977455,977457,977458,977459,977461,977464,979302,981422,982056,982064,982065,982066,982067,982068,988417,988558,988565
CVE References: CVE-2015-1798,CVE-2015-1799,CVE-2015-5194,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    ntp-4.2.8p8-0.7.1

Comment 15 Marcus Meissner 2016-08-01 08:34:31 UTC

all released