NTPD Vulnerabilities

Advisory ID: 16-0004
Publish Date: 2016-03-07
Revision: 1.1 (updated 2016-05-02)

Summary

Multiple low and medium-risk vulnerabilities were identified in an open source NTP package used by certain Mitel products.

Detailed Description

It was discovered that in some cases, ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntp client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client, which could result in a denial of service.

Affected Products

The following products have been identified as being affected (updated 2016-05-02):

Product Name  Product Versions  Security Bulletin Last Updated 
Oria  Oria 4.0, 4.0 SP1
(4.0.39.0, 4.0.112.0)
 16-0004-002  2016-05-02
MiVoice5000
5.4, 6.1, 6.2
 16-0004-007 2016-03-07 
MiVoice5000 Manager
5.4, 6.1, 6.2
16-0004-007
2016-03-07 
Mitel5000 Compact
5.4, 6.1, 6.2
16-0004-007  2016-03-07
MiVoice5000 Gateway
2.4, 3.1, 3.2
16-0004-008
2016-03-07
MBG
9.1, 8.1
16-0004-001 2016-03-07 
MiCollab AWV
5.0.4.19, 5.0.5.7
16-0004-005
 2016-03-07
MiCollab MAS/SAS/vMas
6.0, 7.0
16-0004-006
2016-03-07
MiCollab MCA
5.x, 6.x
16-0004-004
2016-03-07
MiVB-X7.0
 7.0
16-0004-004
 2016-03-07
MiVoice Business for Industry Standard Server and VMware Virtual Appliance
6.0 and earlier
16-0004-003
 2016-03-07
 MiVoice Business for Stratus  Versions based on RedHat Linux 6.3  16-0004-003
 2016-03-07
 MiVoice Business for Multi-instance platform - Server Manager  1.2 and earlier
 16-0004-003
 2016-03-07
 NPM
 NPM 7 SP1 & SP2 
(17.1.0.11, 17.2.0.3)
 16-0004-005
 2016-03-07

 

This list will be updated with additional information as it becomes available.

Products Under Investigation

The following products are being evaluated to determine potential exposure and risk (updated 2016-05-02):

Product Name
340w and 342w

6700i, 6800i (Praxis) Series SIP Phones

74XXip (H323 terminal family)

9000i Series (9480i, 9143i, 9133i, 9112i) SIP Phones

A1023i

AM7450 Management Center

BluStar 8000i

BluStar Client (PC)

BluStar Server

Centergy Virtual Contact Center

Clearspan (Acme Packet Core SBC)

Clearspan (AudioCodes eSBC / Gateway)

Clearspan (Broadworks Platform)

Clearspan (Edgewater eSBC)

Comdasys Convergence 4675

Comdasys Convergence 6719

Dialog 5446ip, 4XXXip (H323 terminal family)

Enterprise Manager

FMC Controller (Comdasys MC Controller, Mitel Mobile Client Controller)

FMC Controller for Intelligate

MiCollab NuPoint (Speech Auto Attendant, Unified Messaging)

MiContact Center Live

MiContact Center Office

MiContact Center Outbound

Mitel 700

Mitel Alarm Server

Mitel MMC Android

MiVoice 5602/5603/5604/5606/5607 IP DECT phones (DT390, DT690, DT692, DT292, DT590) (Ascom OEM)

MiVoice 5624 WiFi Phone (Ascom OEM)

MiVoice Conference Unit (UC360)

MiVoice Digital Phones 8528, 8568

MiVoice for Lync

MiVoice IP DECT Base Station (IPBS 433/434/430/440) (Ascom OEM)

MiVoice IP Phones 5560, 5505

MiVoice MX-ONE

MiXML server

MX-ONE Manager (Provisioning)

MX-ONE Manager (Telephony System)

MX-ONE Media Gateway Unit

MX-ONE Telephony Server

MiCollab Advanced Messaging

PointSpan

Redirection and Configuration Service (RCS)

S850i (Revolabs OEM)

TA7102i / TA7104i

vMCD

WSM, WSM-3 (CPDM 3) (Ascom OEM)

This list will be updated with additional information as it becomes available

Products not Affected

The following products have been identified as not being affected as they do not use the affected component (updated 2016-05-02):

Product Name

3250

5300 series digital

5550 IP Console

Aastra 1560ip

Aastra 2380ip

Aastra 5300ip

BluStar Android

BluStar iOS

CMG

Comdasys MC Client Android

Comdasys MC Client iOS

CT Gateway

D.N.A. Application Suite

DECToverIP (Mitel 100 | OpenCom 100)

DECToverIP (OC1000)

ER Adviser

InAttend

MiCollab Client (Desktop/Web)

MiCollab Mobile Client (Android)

MiCollab Mobile Client (iOS)

MiContact Center Business

MiContact Center Enterprise

MiContact Center for Microsoft Lync

Mitel 800

Mitel MMC iOS

MiVoice Business - MCD (PPC)

MiVoice 5610 DECT Handset and IP DECT Stand

MiVoice Business Console

MiVoice Business Dashboard (CSM)

MiVoice Call Accounting

MiVoice Call Recording

MiVoice IP Phones 53xx, 5540

MiVoice Office 250 (Mitel 5000)

MiVoice Office 400

MX-ONE Manager (System Performance)

MX-ONE Manager Availability

Oaisys Talkument

Oaisys Tracer

OIG

Open Interfaces Platform (OIP, OIP WebAdmin)

OpenCom 1000 family

OpenPhone 7x IP

Secure IP Remote Management SRM

SIP-DECT

SIP-DECT Open Mobility Manager

SIP-DECT with Cloud-ID

Solidus eCare

SX-200IP ICP

Telephony Switch (TSW)

Telepo

This list will be updated with additional information as it becomes available.

Risk Assessment

The reported vulnerabilities have varied levels of risk.  Mitel considers CVE-2015-8138 to present a moderate risk to environments where NTP time sources are not trusted.

Mitigation / Recommended Action

Please refer to the product-specific Security Bulletins for mitigation and recommendations.  

External References

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit

 



























Ready to talk to sales? Contact us.