Bug 1011395 - (CVE-2016-7431) VUL-0: CVE-2016-7431: ntp: Zero Origin timestamp regression
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv2:RedHat:CVE-2016-7431:5.0:(AV:N...
Blocks: 1011421
Reported: 2016-11-21 16:45 UTC by Matthias Gerstner
Modified: 2017-06-12 22:42 UTC (History)

Description Matthias Gerstner 2016-11-21 16:45:00 UTC
Summary: Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks.

This seems to allow IP spoofing.

Mitigation:

- Implement BCP-38.
- Upgrade to 4.2.8p9, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page.
- Properly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running.

Credit: This weakness was discovered by Sharon Goldberg and Aanchal Malhotra of Boston University.
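
The two host-side mitigations above (running 4.2.8p9 or later, and restarting ntpd without -g) can be checked mechanically. The following is an added example, not part of the original report or of ntp or SUSE tooling; the function names and the sample command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, not ntp or SUSE tooling.

# ntp_fix_level VERSION
#   0: 4.2.x at 4.2.8p9 or later   1: older than 4.2.8p9
#   2: not a parsable 4.2.x version (this report names no fixed release for it)
ntp_fix_level() {
    v=${1%%[@-]*}    # drop a build id or rpm release, e.g. "4.2.8p9-57.2"
    case $v in
        4.2.*p*) point=${v#4.2.}; patch=${point#*p}; point=${point%%p*} ;;
        4.2.*)   point=${v#4.2.}; patch=0 ;;
        *)       return 2 ;;
    esac
    case "$point.$patch" in .*|*.|*.*.*|*[!0-9.]*) return 2 ;; esac
    [ "$point" -gt 8 ] && return 0
    [ "$point" -lt 8 ] && return 1
    [ "$patch" -ge 9 ] && return 0
    return 1
}

# has_panic_gate ARGS... -> 0 if the ntpd argument list contains -g/--panicgate.
# Conservative: any single-dash word containing "g" counts, so an attached
# option value such as -c/etc/ntp-g.conf is reported as well.
has_panic_gate() {
    for a in "$@"; do
        case $a in
            --panicgate) return 0 ;;
            --*)         ;;
            -*g*)        return 0 ;;
        esac
    done
    return 1
}

# audit_ntpd VERSION ARGS... prints one line per finding; exit status = count.
audit_ntpd() {
    ver=$1; shift; findings=0
    ntp_fix_level "$ver" ||
        { echo "ntp $ver: not confirmed at 4.2.8p9 or later"; findings=$((findings + 1)); }
    if has_panic_gate "$@"; then
        echo "restart command passes -g"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a pre-fix version and a restart command that still has -g.
audit_ntpd 4.2.8p8 -p /var/run/ntp/ntpd.pid -g -u ntp:ntp || :
```

On an RPM-based host the version argument can be taken from `rpm -q --qf '%{VERSION}' ntp`.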
Comment 1 Matthias Gerstner 2016-11-21 16:45:59 UTC
QA reproducer: A POC script and instructions are provided as attachments here: http://bugs.ntp.org/show_bug.cgi?id=3102
Comment 2 Matthias Gerstner 2016-11-21 17:28:55 UTC
http://support.ntp.org/bin/view/Main/NtpBug3102
Comment 3 Swamp Workflow Management 2016-11-21 23:02:06 UTC
bugbot adjusting priority
Comment 4 Swamp Workflow Management 2016-11-24 15:33:21 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-12-08.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63222
Comment 5 Reinhard Max 2016-11-24 15:56:26 UTC
Packages submitted.
Comment 7 Swamp Workflow Management 2016-12-02 05:29:26 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-12-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63244
Comment 8 Swamp Workflow Management 2016-12-19 20:08:01 UTC
SUSE-SU-2016:3193-1: An update that solves 12 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1009434,1011377,1011390,1011395,1011398,1011404,1011406,1011411,1011417,943216,956365,981252,988028,992038,992606
CVE References: CVE-2015-5219,CVE-2015-8139,CVE-2015-8140,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    ntp-4.2.8p9-57.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ntp-4.2.8p9-57.2
Comment 9 Swamp Workflow Management 2016-12-19 20:11:14 UTC
SUSE-SU-2016:3195-1: An update that solves 10 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1009434,1011377,1011390,1011395,1011398,1011404,1011406,1011411,1011417,943216,956365,981252,988028,992038,992606
CVE References: CVE-2015-5219,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ntp-4.2.8p9-55.1
SUSE Linux Enterprise Server 12-SP2 (src):    ntp-4.2.8p9-55.1
SUSE Linux Enterprise Server 12-SP1 (src):    ntp-4.2.8p9-55.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ntp-4.2.8p9-55.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ntp-4.2.8p9-55.1
Comment 10 Swamp Workflow Management 2016-12-19 20:13:46 UTC
SUSE-SU-2016:3196-1: An update that solves 10 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1009434,1011377,1011390,1011395,1011398,1011404,1011406,1011411,1011417,943216,956365,981252,988028,992038,992606
CVE References: CVE-2015-5219,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    ntp-4.2.8p9-46.18.1
SUSE Linux Enterprise Server 12-LTSS (src):    ntp-4.2.8p9-46.18.1
Comment 11 Swamp Workflow Management 2016-12-28 15:07:42 UTC
openSUSE-SU-2016:3280-1: An update that solves 10 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1009434,1011377,1011390,1011395,1011398,1011404,1011406,1011411,1011417,943216,956365,981252,988028,992038,992606
CVE References: CVE-2015-5219,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311
Sources used:
openSUSE Leap 42.2 (src):    ntp-4.2.8p9-27.1
openSUSE Leap 42.1 (src):    ntp-4.2.8p9-27.1
Comment 12 Swamp Workflow Management 2017-01-23 15:09:39 UTC
SUSE-SU-2017:0255-1: An update that solves 12 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1009434,1011377,1011390,1011395,1011398,1011404,1011406,1011411,1011417,943216,956365,981252,988028,992038,992606
CVE References: CVE-2015-5219,CVE-2015-8139,CVE-2015-8140,CVE-2016-7426,CVE-2016-7427,CVE-2016-7428,CVE-2016-7429,CVE-2016-7431,CVE-2016-7433,CVE-2016-7434,CVE-2016-9310,CVE-2016-9311
Sources used:
SUSE OpenStack Cloud 5 (src):    ntp-4.2.8p9-48.9.1
SUSE Manager Proxy 2.1 (src):    ntp-4.2.8p9-48.9.1
SUSE Manager 2.1 (src):    ntp-4.2.8p9-48.9.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    ntp-4.2.8p9-48.9.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    ntp-4.2.8p9-48.9.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    ntp-4.2.8p9-48.9.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    ntp-4.2.8p9-48.9.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    ntp-4.2.8p9-48.9.1
Comment 13 Marcus Meissner 2017-03-02 13:59:35 UTC
released