Vulnerability Notice. Symmetric Key NTP. Summary. Background (From CVE Project) Impact

Transcription

1 Vulnerability tice Symmetric Key NTP Summary The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-inthe-middle attackers to spoof packets by omitting the MAC. The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. Background (From CVE Project) CVE Published: 4/8/2015 CVSS Severity: 1.8 CVE Published: 4/8/2015 CVSS Severity: 4.3 Impact Potential Man in the Middle packet spoofing attack Owner: Serviceability Page 1 of 5

2 Products Potentially Affected The following is the vulnerability status of the software products supported by Extreme Networks for this issue: ExtremeXOS (all products) A, B, C, D, G, I and 800 Series Fixed Switches ExtremeWare IDS/IPS IdentiFi Wireless N, K, SSA, and S Modular Switches NetSight / NAC (IA) / Purview Ridgeline Security Information & Event Manager Investigating Summit WM3000 Series X-Series Secure Core Router Investigating XSR (X-Pedition Security Router) Impact Details ExtremeXOS (all products) Vulnerable: Yes Vulnerable Component: NTP Conditions when component vulnerability occurs: CVE Authentication bypass vulnerability due to incorrect validation of mac field. CVE Possible Dos attack due to incorrect state-variable updates upon receiving certain invalid packets. Product version(s) affected: All EXOS versions Workaround: workaround is available, but system not running ntpd will be safe from this vulnerability. Risk of exploitation can be minimized by restricting ntp host access to trusted sources only. Target Fix Release: EXOS Target Month for Fix Release: January 2016 A, B, C, D, G, I and 800 Series Fixed Switches Vulnerable: Unsupported protocol ExtremeWare IDS/IPS Vulnerable: Extremeware does not have NTPD feature Vulnerable: Yes Vulnerable Component: NTP service on Dragon Appliance Conditions when component Vulnerability occurs (Why/When/How): o CVE A vulnerability in the message authentication code (MAC) validation routine of ntpd Owner: Serviceability Page 2 of 5

3 could allow an unauthenticated, remote attacker to bypass the NTP authentication feature. This could cause the time on the host to not be o Workaround: Limiting access to NTP host to only trusted sources will reduce risk of exposure. Target Fix Release: TBD Target Month for Fix Release: TBD IdentiFi Wireless Wireless Controller Vulnerable: Yes Vulnerable Component: NTPD Describe conditions when component Vulnerability occurs: As described in the two CVEs. Product version(s) affected: all supported versions Workaround: All management protocols including NTP should be run over a secure VLAN used exclusively for network management. Target Fix Release: TBD Target Month for Fix Release: TBD Wireless 26xx series AP s and 36xx, 37xx, and 38xx series AP s Vulnerable: N, K, SSA, and S Modular Switches Vulnerable: NetSight / NAC (IA) / Purview NetSight Vulnerable: Yes Vulnerable Component: NTP service on NetSight Appliance Describe conditions when component Vulnerability occurs: CVE A vulnerability in the attacker to bypass the NTP authentication feature. This could cause the time on the host to not be Workaround: Limiting access to NTP host to only trusted sources will reduce risk of exposure. Target Fix Release: 6.3 Target Month for Fix Release: August 2015 NAC Vulnerable: Yes Vulnerable Component: NTP service on NAC Appliance Describe conditions when component Vulnerability occurs: CVE A vulnerability in the Owner: Serviceability Page 3 of 5

4 attacker to bypass the NTP authentication feature. This could cause the time on the host to not be Workaround: Limiting access to NTP host to only trusted sources will reduce risk of exposure. Target Fix Release: 6.3 Target Month for Fix Release: August 2015 Purview Vulnerable: Yes Vulnerable Component: NTP service on Purview Appliance Describe conditions when component Vulnerability occurs: CVE A vulnerability in the attacker to bypass the NTP authentication feature. This could cause the time on the host to not be Workaround: Limiting access to NTP host to only trusted sources will reduce risk of exposure. Target Fix Release: 6.3 Target Month for Fix Release: August 2015 Ridgeline Vulnerable: Security Information & Event Manager Vulnerable: TBD Summit WM3000 Series Vulnerable: Yes Vulnerable Component: NTP Describe conditions when component Vulnerability occurs: See CVE , CVE Workaround: N/A Target Fix Release: TBD Target Month for Fix Release: TBD X-Series Secure Core Router Vulnerable: TBD XSR (X-Pedition Security Router) Vulnerable: Owner: Serviceability Page 4 of 5

5 Repair Recommendations The resolution to any threat or issue is dependent upon a number of things, including the setup of the computer network and how the local IT team wants to address the situation. Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network. Update the software, identified in this tice, in your Extreme Networks products by replacing it with the latest releases from Extreme Networks including those listed above. Firmware and software can be downloaded from Legal tice This advisory notice is provided on an as is basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks. Revision History Rev.. Date Modified Description / Milestone May 2015 First release May 2015 Update Netsight, NAC and IDS Jun 2015 Update Ridgeline Jun 2015 Update Summit WM3000 Series, Correct Revision History Rev Aug 2015 Update Purview Target Release and Target Month, XSR (X-Pedition Security Router) to not vulnerable Owner: Serviceability Page 5 of 5