Bug 1340852 (CVE-2016-4953)

Summary: CVE-2016-4953 ntp: bad authentication demobilizes ephemeral associations
Product: [Other] Security Response Reporter: Martin Prpič <mprpic>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mlichvar, sardella, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ntp-4.2.8p7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-30 13:07:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1302226    

Description Martin Prpič 2016-05-30 12:23:55 UTC 
It was found that the fixes for CVE-2015-7979 and CVE-2016-1547 were incomplete: An attacker can send a spoofed packet that contains an invalid MAC to a client/peer and demobilize its ephemeral association.
Comment 1 Martin Prpič 2016-05-30 12:23:59 UTC 
Acknowledgments:

Name: Miroslav Lichvar (Red Hat)
Comment 2 Martin Prpič 2016-05-30 13:07:19 UTC 
Statement:

This issue did not affect the versions of ntp as shipped with any Red Hat Enterprise Linux version as they already included a fix for this issue in the patch provided to fix the CVE-2015-7979 issue. The fix for this issue (developed by Red Hat) was different from the one provided by upstream, and thus ntp versions in RHEL are not affected by CVE-2016-4953.
Comment 3 Martin Prpič 2016-06-02 13:41:44 UTC 
Upstream bug:

http://support.ntp.org/bin/view/Main/NtpBug3045

External References:

http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi