Mandriva Linux Security Advisory 2015-202 - The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service by spoofing the source IP address of a peer. The updated packages provides a solution for these security issues.
39d7e9d9c815116af8efb6b2b36884a1c2b1f7b8ca467d0e4c5f247ed4954f77
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:202
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : ntp
Date : April 10, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in ntp:
The symmetric-key feature in the receive function in ntp_proto.c
in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC
field has a nonzero length, which makes it easier for man-in-the-middle
attackers to spoof packets by omitting the MAC (CVE-2015-1798).
The symmetric-key feature in the receive function in ntp_proto.c
in ntpd in NTP before 4.2.8p2 performs state-variable updates
upon receiving certain invalid packets, which makes it easier
for man-in-the-middle attackers to cause a denial of service
(synchronization loss) by spoofing the source IP address of a peer
(CVE-2015-1799).
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
b0f98e6b8700e3e3413582fe28d1ba06 mbs1/x86_64/ntp-4.2.6p5-8.4.mbs1.x86_64.rpm
d864780718c95368bf9ec81643e35e5d mbs1/x86_64/ntp-client-4.2.6p5-8.4.mbs1.x86_64.rpm
6f457df52d46fb8e6b0fe44aead752eb mbs1/x86_64/ntp-doc-4.2.6p5-8.4.mbs1.x86_64.rpm
b4bff3de733ea6d2839a77a9211ce02b mbs1/SRPMS/ntp-4.2.6p5-8.4.mbs1.src.rpm
Mandriva Business Server 2/X86_64:
e9ac2f3465bcc50199aef8a4d553927f mbs2/x86_64/ntp-4.2.6p5-16.3.mbs2.x86_64.rpm
cf2970c3c56efbfa84f964532ad64544 mbs2/x86_64/ntp-client-4.2.6p5-16.3.mbs2.x86_64.rpm
1ae1b1d3c2e7bdea25c01c33652b6169 mbs2/x86_64/ntp-doc-4.2.6p5-16.3.mbs2.noarch.rpm
d250433009fd187361bda6338dc5eede mbs2/SRPMS/ntp-4.2.6p5-16.3.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVJ6PCmqjQ0CJFipgRAkidAKCQXSLNnIG/bOaH5Cf128VX61GlgwCfcOtE
KGIFB9onVvWrhThuQdgmYJg=
=QHmi
-----END PGP SIGNATURE-----