Vigil@nce - NTP.org: multiple vulnerabilities
May 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of NTP.org.
Impacted products: Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora,
FreeBSD, Meinberg NTP Server, NTP.org, pfSense, Slackware,
Spectracom SecureSync, Symantec Content and Malware Analysis,
Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Creation date: 22/03/2017.
Revision date: 30/03/2017.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in NTP.org.
An attacker can tamper with packet timestamp, in order to make
target trafic dropped. [severity:2/4; CVE-2016-9042]
An attacker can generate a buffer overflow via ntpq, in order to
trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2017-6460, NTP-01-002]
An attacker can generate a buffer overflow via mx4200_send(), in
order to trigger a denial of service, and possibly to run code.
[severity:1/4; CVE-2017-6451, NTP-01-003]
An attacker can generate a buffer overflow via ctl_put(), in order
to trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2017-6458, NTP-01-004]
An attacker can generate a buffer overflow via
addKeysToRegistry(), in order to trigger a denial of service, and
possibly to run code. [severity:1/4; CVE-2017-6459, NTP-01-007]
An attacker can generate a buffer overflow in the MS-Windows
installer, in order to trigger a denial of service, and possibly
to run code. [severity:1/4; CVE-2017-6452, NTP-01-008]
An attacker can define the PPSAPI_DLLS environment variable, in
order to make the server run a library with hight privileges.
[severity:2/4; CVE-2017-6455, NTP-01-009]
An authenticated attacker can submit an invalid configuration
directive, to trigger a denial of service. [severity:2/4;
CVE-2017-6463, NTP-01-012]
A privileged attacker can generate a buffer overflow via
datum_pts_receive(), in order to trigger a denial of service, and
possibly to run code. [severity:1/4; CVE-2017-6462, NTP-01-014]
An authenticated attacker can submit an invalid configuration
directive "mode", to trigger a denial of service. [severity:2/4;
CVE-2017-6464, NTP-01-016]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/NTP-org-multiple-vulnerabilities-22217