Bug 962784 (CVE-2015-7979)

Summary: VUL-0: CVE-2015-7979: ntp,xntp: off-path denial of service on authenticated broadcast mode
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/160907/
Whiteboard: CVSSv2:RedHat:CVE-2015-7979:5.8:(AV:N/AC:M/Au:N/C:N/I:P/A:P) CVSSv2:SUSE:CVE-2015-7979:5.8:(AV:N/AC:M/Au:N/C:N/I:P/A:P) maint:running:62642:low maint:released:oes2015:62656 CVSSv2:RedHat:CVE-2016-4953:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2015-7979:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2016-1547:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P) maint:released:sle10-sp4:62913 maint:released:sle10-sp3:62912
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2016-01-20 15:05:13 UTC
http://support.ntp.org/bin/view/Main/NtpBug2942

Summary: An off-path attacker can send broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to broadcast clients. It is observed that the broadcast client tears down the association with the broadcast server upon receiving just one bad packet. 

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1300271
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
Comment 1 Swamp Workflow Management 2016-01-20 23:01:27 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-01-21 14:27:03 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-02-04.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62463
Comment 3 Bernhard Wiedemann 2016-03-11 13:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (962784) was mentioned in
https://build.opensuse.org/request/show/370038 Factory / ntp
Comment 7 Swamp Workflow Management 2016-04-28 17:10:18 UTC
SUSE-SU-2016:1175-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 782060,784760,916617,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    ntp-4.2.8p6-8.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ntp-4.2.8p6-8.2
Comment 8 Swamp Workflow Management 2016-04-28 17:13:42 UTC
SUSE-SU-2016:1177-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 782060,916617,937837,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    yast2-ntp-client-3.1.22-6.2
SUSE Linux Enterprise Server 12-SP1 (src):    ntp-4.2.8p6-8.2, yast2-ntp-client-3.1.22-6.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    ntp-4.2.8p6-8.2, yast2-ntp-client-3.1.22-6.2
Comment 9 Swamp Workflow Management 2016-05-06 11:11:09 UTC
SUSE-SU-2016:1247-1: An update that solves 28 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 782060,905885,910063,916617,920238,926510,936327,937837,942587,944300,946386,951559,951608,951629,954982,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    yast2-ntp-client-3.1.12.4-8.2
SUSE Linux Enterprise Server 12 (src):    ntp-4.2.8p6-46.5.2, yast2-ntp-client-3.1.12.4-8.2
SUSE Linux Enterprise Desktop 12 (src):    ntp-4.2.8p6-46.5.2, yast2-ntp-client-3.1.12.4-8.2
Comment 10 Swamp Workflow Management 2016-05-12 19:09:09 UTC
openSUSE-SU-2016:1292-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 782060,916617,937837,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
openSUSE Leap 42.1 (src):    ntp-4.2.8p6-15.1, yast2-ntp-client-3.1.22-6.1
Comment 11 Swamp Workflow Management 2016-05-17 13:13:54 UTC
SUSE-SU-2016:1311-1: An update that solves 30 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 782060,784760,905885,910063,916617,920183,920238,926510,936327,937837,942441,942587,943216,943218,944300,946386,951351,951559,951608,951629,954982,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5194,CVE-2015-5219,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE OpenStack Cloud 5 (src):    ntp-4.2.8p6-41.1
SUSE Manager Proxy 2.1 (src):    ntp-4.2.8p6-41.1
SUSE Manager 2.1 (src):    ntp-4.2.8p6-41.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    ntp-4.2.8p6-41.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    ntp-4.2.8p6-41.1, yast2-ntp-client-2.17.14.1-1.12.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    ntp-4.2.8p6-41.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    ntp-4.2.8p6-41.1
Comment 12 Bernhard Wiedemann 2016-05-18 10:01:03 UTC
This is an autogenerated message for OBS integration:
This bug (962784) was mentioned in
https://build.opensuse.org/request/show/396591 13.2 / ntp
Comment 13 Swamp Workflow Management 2016-05-27 13:19:03 UTC
openSUSE-SU-2016:1423-1: An update that fixes 37 vulnerabilities is now available.

Category: security (moderate)
Bug References: 782060,905885,910063,916617,920238,926510,936327,942587,944300,946386,951559,951608,951629,954982,956773,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464
CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519
Sources used:
openSUSE 13.2 (src):    ntp-4.2.8p7-25.15.1
Comment 14 Marcus Meissner 2016-06-02 12:53:39 UTC
all go released
Comment 15 Swamp Workflow Management 2016-06-14 15:36:34 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-06-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62822
Comment 16 Swamp Workflow Management 2016-07-29 17:12:48 UTC
SUSE-SU-2016:1912-1: An update that solves 43 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 782060,784760,905885,910063,916617,920183,920238,920893,920895,920905,924202,926510,936327,943218,943221,944300,951351,951559,951629,952611,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977450,977451,977452,977455,977457,977458,977459,977461,977464,979302,981422,982056,982064,982065,982066,982067,982068,988417,988558,988565
CVE References: CVE-2015-1798,CVE-2015-1799,CVE-2015-5194,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    ntp-4.2.8p8-0.7.1