Network Time Foundation reports:
NTF's NTP Project has been notified of the following low-
and medium-severity vulnerabilities that are fixed in
ntp-4.2.8p7, released on Tuesday, 26 April 2016:
- Bug 3020 / CVE-2016-1551: Refclock impersonation
vulnerability, AKA: refclock-peering. Reported by
Matt Street and others of Cisco ASIG
- Bug 3012 / CVE-2016-1549: Sybil vulnerability:
ephemeral association attack, AKA: ntp-sybil -
MITIGATION ONLY. Reported by Matthew Van Gundy
of Cisco ASIG
- Bug 3011 / CVE-2016-2516: Duplicate IPs on
unconfig directives will cause an assertion botch.
Reported by Yihan Lian of the Cloud Security Team,
Qihoo 360
- Bug 3010 / CVE-2016-2517: Remote configuration
trustedkey/requestkey values are not properly
validated. Reported by Yihan Lian of the Cloud
Security Team, Qihoo 360
- Bug 3009 / CVE-2016-2518: Crafted addpeer with
hmode > 7 causes array wraparound with MATCH_ASSOC.
Reported by Yihan Lian of the Cloud Security Team,
Qihoo 360
- Bug 3008 / CVE-2016-2519: ctl_getitem() return
value not always checked. Reported by Yihan Lian
of the Cloud Security Team, Qihoo 360
- Bug 3007 / CVE-2016-1547: Validate crypto-NAKs,
AKA: nak-dos. Reported by Stephen Gray and
Matthew Van Gundy of Cisco ASIG
- Bug 2978 / CVE-2016-1548: Interleave-pivot -
MITIGATION ONLY. Reported by Miroslav Lichvar of
RedHat and separately by Jonathan Gardner of
Cisco ASIG.
- Bug 2952 / CVE-2015-7704: KoD fix: peer
associations were broken by the fix for
NtpBug2901, AKA: Symmetric active/passive mode
is broken. Reported by Michael Tatarinov,
NTP Project Developer Volunteer
- Bug 2945 / Bug 2901 / CVE-2015-8138: Zero
Origin Timestamp Bypass, AKA: Additional KoD Checks.
Reported by Jonathan Gardner of Cisco ASIG
- Bug 2879 / CVE-2016-1550: Improve NTP security
against buffer comparison timing attacks,
authdecrypt-timing, AKA: authdecrypt-timing.
Reported independently by Loganaden Velvindron,
and Matthew Van Gundy and Stephen Gray of
Cisco ASIG.