NTF's NTP Project has been notified of the following low-
and medium-severity vulnerabilities that are fixed in
ntp-4.2.8p6, released on Tuesday, 19 January 2016:

- Bug 2948 / CVE-2015-8158: Potential Infinite Loop
in ntpq. Reported by Cisco ASIG.
- Bug 2945 / CVE-2015-8138: origin: Zero Origin
Timestamp Bypass. Reported by Cisco ASIG.
- Bug 2942 / CVE-2015-7979: Off-path Denial of
Service (DoS) attack on authenticated broadcast
mode. Reported by Cisco ASIG.
- Bug 2940 / CVE-2015-7978: Stack exhaustion in
recursive traversal of restriction list.
Reported by Cisco ASIG.
- Bug 2939 / CVE-2015-7977: reslist NULL pointer
dereference. Reported by Cisco ASIG.
- Bug 2938 / CVE-2015-7976: ntpq saveconfig command
allows dangerous characters in filenames.
Reported by Cisco ASIG.
- Bug 2937 / CVE-2015-7975: nextvar() missing length
check. Reported by Cisco ASIG.
- Bug 2936 / CVE-2015-7974: Skeleton Key: Missing
key check allows impersonation between authenticated
peers. Reported by Cisco ASIG.
- Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on
authenticated broadcast mode. Reported by Cisco ASIG.

Additionally, mitigations are published for the following
two issues:

- Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay
attacks. Reported by Cisco ASIG.
- Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc,
disclose origin. Reported by Cisco ASIG.