Документ взят из кэша поисковой машины. Адрес оригинального документа : http://theory.sinp.msu.ru/pipermail/ru-ngi/2015q1/001487.html
Дата изменения: Thu Jan 15 15:29:15 2015
Дата индексирования: Sun Apr 10 18:10:26 2016
Кодировка:
[RU-NGI] Fwd: [Noc-managers] [Heads up][ EGI SVG/CSIRT] [EGI-ADV-20150105] EGI CSIRT alert 'High' Risk - CVE-2014-9295 - Remote code execution in NTP - [EGI-ADV-20150106]

[RU-NGI] Fwd: [Noc-managers] [Heads up][ EGI SVG/CSIRT] [EGI-ADV-20150105] EGI CSIRT alert 'High' Risk - CVE-2014-9295 - Remote code execution in NTP - [EGI-ADV-20150106]

Alexander Kryukov kryukov at theory.sinp.msu.ru
Wed Jan 7 21:24:33 MSK 2015 

FYI


-------- Forwarded Message --------
Subject: [Noc-managers] [Heads up][ EGI SVG/CSIRT] [EGI-ADV-20150105] 
EGI CSIRT alert 'High' Risk - CVE-2014-9295 - Remote code execution in 
NTP - [EGI-ADV-20150106]
Date: Wed, 07 Jan 2015 17:39:30 +0100
From: Sven Gabriel <sveng at nikhef.nl>
To: site-security-contacts at mailman.egi.eu, 
ngi-security-contacts at mailman.egi.eu
CC: noc-managers at mailman.egi.eu, svg-rat at mailman.egi.eu, 
csirt at mailman.egi.eu

** WHITE information - Unlimited distribution allowed 
     **

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution 
restrictions **


Title:       EGI CSIRT alert 'High' Risk - CVE-2014-9295 - Remote code
		execution in NTP - [EGI-ADV-20150106]

Date:        2015-01-07
Updated:

URL:         https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Ntp-2015-01-06


Introduction
============

A security notice has been made by NTP [R 1] describing various
vulnerabilities, including remote code execution.

This vulnerability is not exploitable in the default configuration of NTP.

This has been resolved, and sites are recommended to update. In particular,
sites are recommended to ensure they do not have the combination of a
vulnerable version of NTP and configuration which allows the 
vulnerability to
be exploited.



Details
=======

A remote attacker can send a carefully crafted packet that can overflow 
a stack
buffer and potentially allow malicious code to be executed with the 
privilege
level of the ntpd process.

This is exploitable when Autokey Authentication is enabled (i.e. the 
ntp.conf
  file contains a 'crypto pw ...' directive).

More info is available on the ntp page [R 1] NVD page [R 2] and the NTP 
site
[R 3]


Risk category
=============

This issue has been assessed as 'High'  the EGI CSIRT and EGI SVG Risk
Assessment Team


Affected software
=================

This has been fixed in NTP version to 4.2.8.

Earlier versions are likely to be vulnerable.


Mitigation
==========

This is not exploitable in the default configuration of NTP.


Component installation information
==================================

Sites should upgrade to NTP version 4.2.8 or later.


Updates are available for the following RHEL-compatibles

  - CentOS,
http://lists.centos.org/pipermail/centos-announce/2014-December/020852.html
and
http://lists.centos.org/pipermail/centos-announce/2014-December/020851.html

  - RedHat, https://rhn.redhat.com/errata/RHSA-2014-2024.html and
https://rhn.redhat.com/errata/RHSA-2014-2025.html

  - Scientific Linux,
https://www.scientificlinux.org/sl-errata/slsa-20142024-1/ and
https://www.scientificlinux.org/sl-errata/slsa-20142025-1/



Recommendations
===============

Sites are recommended to update relevant components if they have not 
done so
already, and in particular to check that they do not have the 
combination of a
vulnerable component and the configuration which exposes the vulnerability.


Credit
======

CSIRT and SVG were alerted to this vulnerability by Leif Nixon.

References
==========

[R 1] NTP site http://support.ntp.org/bin/view/Main/SecurityNotice


[R 2] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295


[R 3] Redhat Notice https://bugzilla.redhat.com/show_bug.cgi?id=1176037#c11

Timeline
========
Yyyy-mm-dd

2014-12-19 EGI CSIRT and SVG alerted to this Vulnerability by Leif Nixon.
2014-12-19 Agreed not critical for EGI, therefore no urgent action.
2015-01-05 Agreed it needs risk assessing in EGI IRTF meeting.
2015-01-05 Assessment by the EGI Software Vulnerability Group/CSIRT 
agreed as
'High' and that alert/advisory should be sent.
2015-01-06 Alert issued.



On behalf of the EGI CSIRT,

Sven Gabriel
-- 
========
Sven Gabriel

Nikhef, Dutch National Institute for Sub-atomic Physics
Group Computer Technology / Room: H1.59
Phone: +31 20 5925103
Science Park 105 / 1098 XG Amsterdam / The Netherlands

-- 
A.Kryukov, PhD
Head of laboratory, SINP MSU
Phone: +7 495 939-3156


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://theory.sinp.msu.ru/pipermail/ru-ngi/attachments/20150107/a67eaccd/attachment.sig>
-------------- next part --------------
_______________________________________________
Noc-managers mailing list
Noc-managers at mailman.egi.eu
https://mailman.egi.eu/mailman/listinfo/noc-managers

More information about the RU-NGI mailing list