News from 2016-06-28


Meinberg Security Advisory: [MBGSA-1604] WebUI and NTP


Independent researcher Ryan Wincey has identified security vulnerabilities in Meinberg's LTOS6 web user interface.

The issues were reported to Meinberg by the security researcher, triggering immediate action on the vendor's side. In close cooperation with Mr. Wincey, the Meinberg software R&D team identified the problem and created a fix for it. Shortly afterwards, the Network Time Foundation released NTP 4.2.8p8, fixing one high and four low severity vulnerabilities in the reference implementation of NTP.


CVE-IDs:

Meinberg WebUI: CVE-2016-3962, CVE-2016-3988, CVE-2016-3989

NTP: CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957

1. Description of the Problem

The stack overflow and privilege escalation vulnerabilities identified in the web interface of Meinberg LTOS6 based products may allow escalation to super user privileges, permitting modification of a script that should only be modifiable by a super user account. In order to exploit these vulnerabilities, network access to the web interface of the LANTIME/SyncFire device is required.

The NTP project of the Network Time Foundation recently released ntp-4.2.8p8, patching a number of low severity vulnerabilities and one high severity vulnerability. According to cert.org, these vulnerabilities may allow unauthenticated, remote attackers to spoof or send specially crafted packets in order to create denial of service conditions.

Meinberg therefore strongly recommends updating your LANTIME devices as soon as possible by installing LTOS 6.20.005 (a download link can be requested below).

2. Affected Systems

All LANTIME, SyncFire and LCES Firmware Versions before 6.20.005 are affected by these vulnerabilities.

3. Possible Defense Strategies

Meinberg Products

The fixes for all the described vulnerabilities are included in 6.20.005, which is available as of today.

Meinberg LANTIME Firmware Updates

For V5 versions and all V6 versions we strongly recommend updating to 6.20.005 as soon as possible. Please contact your Meinberg support for assistance or in case of questions.

Windows NTP Installations

Meinberg provides a free-of-charge NTP installer, available from our NTP for Windows download page. The latest version already installs NTP 4.2.8p8. If the installer detects an existing installation, it will ask whether you want to update only the binaries; using this quick update function is sufficient to install 4.2.8p8 and therefore fix the vulnerabilities.

Other NTP Installations

Please contact your OS vendor to find out how to protect your systems and how to update to ntp-4.2.8p8, if possible.
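When triaging an inventory against this advisory, the affected range is "every LTOS firmware before 6.20.005" (Section 2) and "every ntpd before 4.2.8p8" (NTP installations above). The following is an added example, not code from Meinberg or the NTP project, showing how to compare such version strings numerically rather than lexically (a string comparison would rank "6.9" above "6.20" and miss a vulnerable device). The two fixed versions come from the advisory; the hostnames and installed versions in the inventory are constructed sample data, and the `V` prefix handling and the `ntp-` prefix handling are assumptions about how versions might be reported.

```python
"""Added example (not part of the Meinberg advisory): flag LTOS firmware and
ntpd installations that are still inside the affected range named above.

Fixed versions are taken from the advisory text; the inventory is constructed
sample data for this example.
"""
import re
from typing import List, Tuple

FIXED_LTOS = "6.20.005"  # from the advisory: firmware before this is affected
FIXED_NTP = "4.2.8p8"    # from the advisory: ntp-4.2.8p8 fixes CVE-2016-4953..4957


def parse_ltos_version(version: str) -> Tuple[int, ...]:
    """Parse an LTOS firmware version such as '6.20.005' or 'V5.34' into a
    tuple of integers so that components compare numerically, not as text.
    The optional leading 'V' is an assumption about how versions are reported."""
    v = version.strip().lstrip("Vv")
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unrecognised LTOS version: {version!r}")
    return tuple(int(part) for part in v.split("."))


def parse_ntp_version(version: str) -> Tuple[int, int, int, int]:
    """Parse an ntpd version such as '4.2.8p8' or 'ntp-4.2.8' into
    (major, minor, micro, patch). A release without a 'p' suffix is treated
    as patch level 0, so '4.2.8' sorts before '4.2.8p1'."""
    m = re.fullmatch(r"\s*(?:ntp-)?(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\s*", version)
    if not m:
        raise ValueError(f"unrecognised NTP version: {version!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def ltos_affected(version: str) -> bool:
    """True when the firmware is older than the fixed LTOS release."""
    return parse_ltos_version(version) < parse_ltos_version(FIXED_LTOS)


def ntp_affected(version: str) -> bool:
    """True when ntpd is older than the fixed NTP release."""
    return parse_ntp_version(version) < parse_ntp_version(FIXED_NTP)


# Constructed sample inventory: (hostname, kind, reported version).
SAMPLE_INVENTORY = [
    ("ntp-core-1.example.internal", "lantime", "6.20.005"),
    ("ntp-core-2.example.internal", "lantime", "V6.18.012"),
    ("ntp-legacy.example.internal", "lantime", "V5.34"),
    ("win-dc-1.example.internal", "ntp", "4.2.8p8"),
    ("win-dc-2.example.internal", "ntp", "4.2.8p7"),
]


def hosts_needing_update(inventory) -> List[str]:
    """Return the sorted hostnames whose reported version is still affected."""
    pending = []
    for host, kind, version in inventory:
        affected = ltos_affected(version) if kind == "lantime" else ntp_affected(version)
        if affected:
            pending.append(host)
    return sorted(pending)


if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```

The same numeric comparison applies to V5 firmware: a tuple such as (5, 34) compares below (6, 20, 5), so older V5 devices are flagged alongside V6 devices that have not yet reached 6.20.005.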

4. Additional Information Sources

More about this topic can be found on the following websites:


ICS-CERT Advisory describing the vulnerabilities affecting Meinberg NTP servers
CERT.org Vulnerability Note VU#321640 covering the NTP vulnerabilities
SecurityWeek News Article about the vulnerabilities of Meinberg NTP Servers

Please do not hesitate to reach out to your Meinberg support contact if you need further assistance or have additional questions.
