Bugzilla – Bug 977458
VUL-0: CVE-2016-2519: ntp: ctl_getitem() return value not always checked
Last modified: 2016-08-18 15:52:46 UTC
+++ This bug was initially created as a clone of Bug #977446 +++ NTP Bug 3008 ctl_getitem() return value not always checked Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 References: Sec 3008 / CVE-2016-2519 / VU#718152 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92 CVSS2: MED 4.9 (AV:N/AC:H/Au:S/C:N/I:N/A:C) CVSS3: MED 4.2 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H Summary: ntpq and ntpdc can be used to store and retrieve information in ntpd. It is possible to store a data value that is larger than the size of the buffer that the ctl_getitem() function of ntpd uses to report the return value. If the length of the requested data value returned by ctl_getitem() is too large, the value NULL is returned instead. There are 2 cases where the return value from ctl_getitem() was not directly checked to make sure it's not NULL, but there are subsequent INSIST() checks that make sure the return value is not NULL. There are no data values ordinarily stored in ntpd that would exceed this buffer length. But if one has permission to store values and one stores a value that is "too large", then ntpd will abort if an attempt is made to read that oversized value. Mitigation: Implement BCP-38. Upgrade to 4.2.8p7, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page Properly monitor your ntpd instances Credit: This weakness was discovered by Yihan Lian of the Cloud Security Team, Qihoo 360.
bugbot adjusting priority
SUSE-SU-2016:1278-1: An update that fixes 12 vulnerabilities is now available. Category: security (important) Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464 CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): ntp-4.2.8p7-11.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ntp-4.2.8p7-11.1
SUSE-SU-2016:1291-1: An update that fixes 12 vulnerabilities is now available. Category: security (important) Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464 CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): ntp-4.2.8p7-11.1 SUSE Linux Enterprise Desktop 12-SP1 (src): ntp-4.2.8p7-11.1
This is an autogenerated message for OBS integration: This bug (977458) was mentioned in https://build.opensuse.org/request/show/396591 13.2 / ntp
openSUSE-SU-2016:1329-1: An update that fixes 12 vulnerabilities is now available. Category: security (important) Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464 CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Sources used: openSUSE Leap 42.1 (src): ntp-4.2.8p7-21.1
openSUSE-SU-2016:1423-1: An update that fixes 37 vulnerabilities is now available. Category: security (moderate) Bug References: 782060,905885,910063,916617,920238,926510,936327,942587,944300,946386,951559,951608,951629,954982,956773,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464 CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Sources used: openSUSE 13.2 (src): ntp-4.2.8p7-25.15.1
SUSE-SU-2016:1471-1: An update that fixes 12 vulnerabilities is now available. Category: security (important) Bug References: 957226,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464 CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Sources used: SUSE OpenStack Cloud 5 (src): ntp-4.2.8p7-44.1 SUSE Manager Proxy 2.1 (src): ntp-4.2.8p7-44.1 SUSE Manager 2.1 (src): ntp-4.2.8p7-44.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): ntp-4.2.8p7-44.1 SUSE Linux Enterprise Server 11-SP2-LTSS (src): ntp-4.2.8p7-44.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): ntp-4.2.8p7-44.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): ntp-4.2.8p7-44.1
SUSE-SU-2016:1568-1: An update that solves 17 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 957226,962960,977450,977451,977452,977455,977457,977458,977459,977461,977464,979302,979981,981422,982064,982065,982066,982067,982068 CVE References: CVE-2015-7704,CVE-2015-7705,CVE-2015-7974,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957 Sources used: SUSE Linux Enterprise Server 12 (src): ntp-4.2.8p8-46.8.1 SUSE Linux Enterprise Desktop 12 (src): ntp-4.2.8p8-46.8.1
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2016-06-21. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62822
SUSE-SU-2016:1912-1: An update that solves 43 vulnerabilities and has 9 fixes is now available. Category: security (important) Bug References: 782060,784760,905885,910063,916617,920183,920238,920893,920895,920905,924202,926510,936327,943218,943221,944300,951351,951559,951629,952611,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977450,977451,977452,977455,977457,977458,977459,977461,977464,979302,981422,982056,982064,982065,982066,982067,982068,988417,988558,988565 CVE References: CVE-2015-1798,CVE-2015-1799,CVE-2015-5194,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): ntp-4.2.8p8-0.7.1
all released