Red Hat Customer Portal

Security Advisory Important: ntp security update

Advisory: RHSA-2014:2025-1
Type: Security Advisory
Severity: Important
Issued on: 2014-12-20
Last updated on: 2014-12-20
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2014-9293
CVE-2014-9294
CVE-2014-9295

Details

Updated ntp packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(),
ctl_putdata(), and configure() functions. A remote attacker could use
any of these flaws to send a specially crafted request packet that could
crash ntpd or, potentially, execute arbitrary code with the privileges of
the ntp user. Note: the crypto_recv() flaw requires non-default
configurations to be active, while the ctl_putdata() flaw, by default, can
only be exploited by local attackers, and the configure() flaw requires
additional authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its internal
use if no ntpdc request authentication key was specified in the ntp.conf
configuration file. A remote attacker able to match the configured IP
restrictions could guess the generated key, and possibly use it to send
ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5 keys.
This could possibly allow an attacker to guess generated MD5 keys that
could then be used to spoof an NTP client or server. Note: it is
recommended to regenerate any MD5 keys that had explicitly been generated
with ntp-keygen; the default installation does not contain such keys.
(CVE-2014-9294)

All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
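
CVE-2014-9293 and CVE-2014-9294 both depend on how keys are configured on the
host, so the exposure can be checked locally. The script below is an added
example, not part of Red Hat's advisory; the function names and the sample
configuration are constructed, and it assumes the standard ntp.conf directives
requestkey and keys.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the two key-related issues in this advisory.

# Print the arguments of every uncommented DIRECTIVE line in FILE.
active_directive() {
    awk -v d="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Print one finding per line; return 1 if anything needs attention.
audit_ntp_conf() {
    conf=$1
    rc=0
    # CVE-2014-9293: with no request key configured, unpatched ntpd
    # generates a weak key for its internal use.
    if [ -z "$(active_directive "$conf" requestkey)" ]; then
        echo "CVE-2014-9293: no requestkey in $conf"
        rc=1
    fi
    # CVE-2014-9294: MD5 keys that were generated with ntp-keygen
    # should be regenerated, so report every configured key file.
    for keyfile in $(active_directive "$conf" keys); do
        echo "CVE-2014-9294: check origin of MD5 keys in $keyfile"
        rc=1
    done
    return "$rc"
}

# Constructed sample configuration (not taken from the advisory).
sample=$(mktemp)
cat > "$sample" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
server 0.rhel.pool.ntp.org
keys /etc/ntp/keys        # symmetric key file
#requestkey 8
EOF
audit_ntp_conf "$sample"
rm -f "$sample"
```

On a real host, call audit_ntp_conf on /etc/ntp.conf and compare the output of
rpm -q ntp with the ntp-4.2.2p1-18.el5_11 build listed under Updated packages.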

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
ntp-4.2.2p1-18.el5_11.src.rpm     MD5: adf1b28b28ccb915d1a0e834b809dea9
SHA-256: 8f0ccf4707db66bc41ea01c6119bfec0d2dba126a11c39e359966057928299f9
 
IA-32:
ntp-4.2.2p1-18.el5_11.i386.rpm     MD5: 459ed4c36000abae830e2530caab81bc
SHA-256: 94afc65ee6e0ee540563aac2507695df2e3368f92e00f3dc64eabbce5e4d2e50
ntp-debuginfo-4.2.2p1-18.el5_11.i386.rpm     MD5: 86a23c2f28076f3b2c2c9e8667517efd
SHA-256: 5b3712dc6d046f1ebce1b90b18ad772628a37240332e4fe1f510d51f4cf3b5fe
 
IA-64:
ntp-4.2.2p1-18.el5_11.ia64.rpm     MD5: c346af347515a87d83a19c27a49f1c37
SHA-256: 0d3e4156f255f1461f6df1521a78ed1978c509cc9cb9233afe1ead53edb049fb
ntp-debuginfo-4.2.2p1-18.el5_11.ia64.rpm     MD5: 87ba6611fd9286a7c0fd9e4f8206e167
SHA-256: 7f87470f2958e7bcd2524b042be873778194b8bc2da9d3ab66531cb12947a6d8
 
PPC:
ntp-4.2.2p1-18.el5_11.ppc.rpm     MD5: 551d0248feef127479ce7c935c1c7ac6
SHA-256: f3ad9d4135ff65277360326014211a4a5f5775cc391309c1e8d6c31c5c76a087
ntp-debuginfo-4.2.2p1-18.el5_11.ppc.rpm     MD5: 4de7c9a13751abd6693ba2361e59dc86
SHA-256: 776f9cdff989ea89007352291d20b72ed63a1bf85528e805e764c87d1891a119
 
s390x:
ntp-4.2.2p1-18.el5_11.s390x.rpm     MD5: e89fb1e2951dc06bdc4be379805d9637
SHA-256: 8c5cab63b1d309d1865c77c639f26d122849c017dd359edde3efb5c7e9d73f5f
ntp-debuginfo-4.2.2p1-18.el5_11.s390x.rpm     MD5: 417c715a23135528919d8bce8301c924
SHA-256: a1e2beeb60aa56c8bde4e77f614ff74029b1531bd6ead7f2fc4bd84f306ab638
 
x86_64:
ntp-4.2.2p1-18.el5_11.x86_64.rpm     MD5: 25ac2d1ed78186eecfd6ea52f2d8680c
SHA-256: a1fdb05bdf0fb3641725ef5e491d240ab804203a768593ab1fbd303c626324f1
ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm     MD5: 1a4bf6846ad46294fe13466b1912af9a
SHA-256: f8d4540d899c7a34c17c09cb2472b5a46761e6ecfbc4d25b47b042b1115d529b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
ntp-4.2.2p1-18.el5_11.src.rpm     MD5: adf1b28b28ccb915d1a0e834b809dea9
SHA-256: 8f0ccf4707db66bc41ea01c6119bfec0d2dba126a11c39e359966057928299f9
 
IA-32:
ntp-4.2.2p1-18.el5_11.i386.rpm     MD5: 459ed4c36000abae830e2530caab81bc
SHA-256: 94afc65ee6e0ee540563aac2507695df2e3368f92e00f3dc64eabbce5e4d2e50
ntp-debuginfo-4.2.2p1-18.el5_11.i386.rpm     MD5: 86a23c2f28076f3b2c2c9e8667517efd
SHA-256: 5b3712dc6d046f1ebce1b90b18ad772628a37240332e4fe1f510d51f4cf3b5fe
 
x86_64:
ntp-4.2.2p1-18.el5_11.x86_64.rpm     MD5: 25ac2d1ed78186eecfd6ea52f2d8680c
SHA-256: a1fdb05bdf0fb3641725ef5e491d240ab804203a768593ab1fbd303c626324f1
ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm     MD5: 1a4bf6846ad46294fe13466b1912af9a
SHA-256: f8d4540d899c7a34c17c09cb2472b5a46761e6ecfbc4d25b47b042b1115d529b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/