ALAS-2015-520


Amazon Linux AMI Security Advisory: ALAS-2015-520
Advisory Release Date: 2015-05-05 15:56 Pacific
Advisory Updated Date: 2015-05-24 14:16 Pacific
Severity: Important

Issue Overview:

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. (CVE-2015-1798)

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. (CVE-2015-1799)

This update also addresses <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1196635">leap-second handling</a>. With older ntp versions, the -x option was sometimes used as a workaround to avoid kernel inserting/deleting leap seconds by stepping the clock and possibly upsetting running applications. That no longer works with 4.2.6 as ntpd steps the clock itself when a leap second occurs. The fix is to treat the one second offset gained during leap second as a normal offset and check the stepping threshold (set by -x or tinker step) to decide if a step should be applied. See <a href="https://forums.aws.amazon.com/ann.jspa?annID=3064">this forum post</a> for more information on the Amazon Linux AMI's leap-second handling.


Affected Packages:

ntp


Issue Correction:
Run yum update ntp to update your system.

New Packages:
i686:
    ntp-debuginfo-4.2.6p5-30.24.amzn1.i686
    ntp-4.2.6p5-30.24.amzn1.i686
    ntpdate-4.2.6p5-30.24.amzn1.i686

noarch:
    ntp-doc-4.2.6p5-30.24.amzn1.noarch
    ntp-perl-4.2.6p5-30.24.amzn1.noarch

src:
    ntp-4.2.6p5-30.24.amzn1.src

x86_64:
    ntp-4.2.6p5-30.24.amzn1.x86_64
    ntpdate-4.2.6p5-30.24.amzn1.x86_64
    ntp-debuginfo-4.2.6p5-30.24.amzn1.x86_64