Vigil@nce - NTP.org: multiple vulnerabilities
January 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of NTP.org.
Impacted products: Blue Coat CAS, Cisco ASR, Cisco Catalyst, IOS
by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime
Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure,
Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco
Unified CCX, Cisco MeetingPlace, Cisco Unity precise, BIG-IP
Hardware, TMOS, Fedora, FreeBSD, Meinberg NTP Server, NTP.org,
openSUSE Leap, Solaris, Slackware, Spectracom SecureSync, Synology
DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Creation date: 21/11/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in NTP.org.
An attacker can force an assertion error, in order to trigger a
denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]
An attacker can bypass security features via Mode 6, in order to
obtain sensitive information. [severity:2/4; CVE-2016-9310,
TALOS-2016-0203]
An attacker can trigger a fatal error via Broadcast Mode Replay,
in order to trigger a denial of service. [severity:2/4;
CVE-2016-7427, TALOS-2016-0131]
An attacker can trigger a fatal error via Broadcast Mode Poll
Interval, in order to trigger a denial of service. [severity:2/4;
CVE-2016-7428, TALOS-2016-0130]
An attacker can send malicious UDP packets, in order to trigger a
denial of service on Windows. [severity:2/4; CVE-2016-9312]
An unknown vulnerability was announced via Zero Origin Timestamp.
[severity:2/4; CVE-2016-7431]
An attacker can force a NULL pointer to be dereferenced via
_IO_str_init_static_internal(), in order to trigger a denial of
service. [severity:2/4; CVE-2016-7434]
An unknown vulnerability was announced via Interface selection.
[severity:2/4; CVE-2016-7429]
An attacker can trigger a fatal error via Client Rate Limiting, in
order to trigger a denial of service. [severity:2/4; CVE-2016-7426]
An unknown vulnerability was announced via Reboot Sync.
[severity:2/4; CVE-2016-7433]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/NTP-org-multiple-vulnerabilities-21170