
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN088
_____________________________________________________________________

DATE                : 02/03/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running ntp versions prior to 4.2.8p11.

=====================================================================
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
_____________________________________________________________________

February 2018 ntp-4.2.8p11 NTP Security Vulnerability Announcement

The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.

This release addresses five security issues in ntpd:

    LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack
        While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11.
        Reported by Matt Van Gundy of Cisco.

    INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak
        Reported by Yihan Lian of Qihoo 360.

    LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
        Reported on the questions@ list.

    LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state
        Reported by Miroslav Lichvar of Red Hat.

    LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association
        Reported by Miroslav Lichvar of Red Hat.


one security issue in ntpq:

    MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit
        Reported by Michael Macnair of Thales-esecurity.com.

and provides over 33 bugfixes and 32 other improvements.


Notification of these issues was delivered to our Institutional
members on a rolling basis as they were reported and as progress was
made.

Timeline:

    2018 TENTATIVE: Feb 27: Public release
    2018 Feb 21: VU number assigned. NEWS file updated.
    2018 Feb 20: CVE numbers assigned. NEWS file updated. Tarball
         updated. CERT notified.
    2018 Feb 12: Release to Advance Security Partners containing
         security fixes for Bugs 3453 and 3454, and FIPS and multicast
         regressions.
    2018 Feb 07: Regressions reported for FIPS and multicast mode.
    2018 Feb 05: Bugs 3453 and 3454 reported.
    2018 Jan 23: Initial release to Advance Security Partners.


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================


