VN 2015 009 Multiple NTP Vulnerabilities


Vulnerability Notice

 
Vulnerability Summary
Multiple vulnerabilities have been found and fixed in the software that implements the Network Time Protocol (NTP). These vulnerabilities range from memory corruption issues to conditions in which attackers can force an NTP daemon to adjust the local clock setting to a value that is maliciously influenced through an authentication bypass vulnerability.

Background (From CVE Project)
October 2015 NTP Security Vulnerability Announcement (Medium)

Published: 21-Oct-2015
CVSS Severity: Medium

Impact 

Successful modification of system time by an attacker can enable other attacks, particularly against time-based authentication schemes.
Products Potentially Affected
The following is the vulnerability status of the software products supported by Extreme Networks for this issue:
 
  • ExtremeXOS (all products): Fixed
  • A, B, C, D, G, I and 800 Series Fixed Switches: No
  • IDS/IPS: No
  • IdentiFi Wireless: Fixed
  • N, K, SSA, and S Modular Switches: No
  • NetSight: Fixed
  • NAC (IA): Fixed
  • Purview: Fixed
  • Ridgeline: No
  • Security Information & Event Manager: Investigating
  • Summit WM3000 Series: Yes
  • X-Series Secure Core Router: Investigating
  • XSR (X-Pedition Security Router): Investigating

Impact Details
ExtremeXOS (all products)
  • Vulnerable Yes/No: Yes - Fixed
  • Vulnerable Component: NTP
  • Describe conditions when component Vulnerability occurs (why/when/how):
  • Product version(s) affected: ALL
  • Workaround: No workaround is available, but risk of exploitation can be minimized by restricting NTP host access to trusted sources only.
  • Fixed In: EXOS 21.1.1, 16.2.1, 16.1.2 Patch 1-2, 15.7.3 Patch 1-1, 15.6.4 Patch 1-2
A, B, C, D, G, I and 800 Series Fixed Switches
  • Vulnerable Yes/No: No
ExtremeWare
  • Vulnerable: TBD
IDS/IPS
  • Vulnerable: No
IdentiFi Wireless
Extreme Networks Wireless Controllers:
  • Vulnerable: Fixed
  • Vulnerable Component: NTPD
  • Describe conditions when component Vulnerability occurs(why/when/how): TBD
  • Product version(s) affected: all supported versions
  • Workaround: All management protocols including NTP should be run over a secure VLAN used exclusively for network management.
  • Fixed In: v10.11.01
Extreme Networks Wireless 26xx series APs
  • Vulnerable Yes/ No: No - These APs do not use NTP
  • Vulnerable Component: NA
  • Describe conditions when component Vulnerability occurs(why/when/how): N/A
  • Product version(s) affected: None
  • Workaround: NA
  • Target Fix Release: NA
The following statement applies to the Extreme Networks Wireless 36xx, 37xx and 38xx series APs
  • Vulnerable Yes/ No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how): N/A
  • Product version(s) affected: NA
  • Workaround: NA
  • Target Fix Release: NA
N, K, SSA, and S Modular Switches
  • Vulnerable: No (Product uses SNTP, not NTP)
NetSight
  • Vulnerable: Yes - Fixed
  • Vulnerable Component: NetSight appliance
  • Describe conditions when component Vulnerability occurs (why/when/how): If ntpd on the NetSight server is active, the system time could be adjusted maliciously by unauthenticated ephemeral symmetric peers.
  • Product version(s) affected: Versions 6.0 – 6.3
  • Workaround: Implement ingress and egress filtering through BCP38.
  • Fixed In: 7.0.3
NAC
  • Vulnerable: Yes - Fixed
  • Vulnerable Component: NAC appliance
  • Describe conditions when component Vulnerability occurs (why/when/how): If ntpd on the NetSight server is active, the system time could be adjusted maliciously by unauthenticated ephemeral symmetric peers.
  • Product version(s) affected: Versions 6.0 – 6.3
  • Workaround: Implement ingress and egress filtering through BCP38.
  • Fixed In: 7.0.3
Purview
  • Vulnerable: Yes - Fixed
  • Vulnerable Component: Purview appliance
  • Describe conditions when component Vulnerability occurs (why/when/how): If ntpd on the NetSight server is active, the system time could be adjusted maliciously by unauthenticated ephemeral symmetric peers.
  • Product version(s) affected: Versions 6.0 – 6.3
  • Workaround: Implement ingress and egress filtering through BCP38.
  • Fixed In: 7.0.3
Ridgeline
  • Vulnerable: No
Security Information & Event Manager
  • Vulnerable: TBD
Summit WM3000 Series
  • Vulnerable: Yes
  • Vulnerable Component: NTP
  • Conditions when vulnerable: See associated CVEs
  • Workaround: investigating
  • Target Fix Release: tbd
  • Target month for fix: tbd
X-Series Secure Core Router
  • Vulnerable: TBD
XSR (X-Pedition Security Router)
  • Vulnerable: TBD
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the setup of the computer network and how the local IT team wants to address the situation. Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network. 
Update the software, identified in this Notice, in your Extreme Networks products by replacing it with the latest releases from Extreme Networks including those listed above. 

Firmware and software can be downloaded from www.extremenetworks.com/support
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks. 

Revision History

Rev. No. | Date Modified | Description / Milestone
1.0 | 29-Oct-2015 | First release.
2.0 | 30-Oct-2015 | Added EXOS fix release information
3.0 | 3-Nov-2015 | Updated A, B, C, D, G, I, 800 fixed switches, IdentiFi Wireless, NAC, Ridgeline, Summit WM3000 series
4.0 | 20-Nov-2015 | Updated XOS release info
This notice was imported into GTAC Knowledge on 11-Jan-2016.  
 
