Vulnerability in NTP (ntpd)

Network Time Protocol (NTP) is a networking protocol for clock synchronization among computers and network devices. A denial of service vulnerability has been found in the popular NTP implementation ntpd.

The vulnerability is related to the handling of NTP control messages. An attacker could cause a denial of service condition in the ntpd service by sending it a specially crafted configuration message. Remote configuration is disabled by default in ntpd.

Vulnerability coordination

The vulnerability was discovered by Aleksis Kauppinen of the Codenomicon CROSS project. NCSC-FI would like to thank Codenomicon and the NTP project for participating in the vulnerability coordination.

Target

  • Servers and server applications

Attack vector

  • Locally

Impact

  • Denial-of-service attack

Remediation

  • Software update patch

Vulnerable software:

  • NTP 4.2 before 4.2.8p3-RC1
  • NTP 4.3 before 4.3.25

Possible solutions and restrictive measures:

Upgrade the vulnerable software in accordance with instructions from the vendor or the operating system distributor.
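
A version triage helper for the ranges listed above, as an added example that is not part of the original advisory: it pulls the NTP version out of a banner string and compares it with the fixed releases. The sample banners are constructed, and the ordering beta < RC < final for pre-release suffixes is an assumption.

```python
import re

# Fixed releases per branch, as listed in the advisory.
FIXED = {(4, 2): "4.2.8p3-RC1", (4, 3): "4.3.25"}

# Assumption: pre-release suffixes sort as beta < RC < final release.
_STAGE = {"beta": 0, "rc": 1, None: 2}

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?(?:-(beta|rc)(\d+))?", re.IGNORECASE)


def version_key(text):
    """Return a sortable key for the first NTP version in text, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, point = (int(m.group(i)) for i in (1, 2, 3))
    patch = int(m.group(4) or 0)            # "p5" -> 5, no suffix -> 0
    stage = _STAGE[m.group(5).lower() if m.group(5) else None]
    stage_num = int(m.group(6) or 0)        # "RC1" -> 1
    return (major, minor, point, patch, stage, stage_num)


def is_vulnerable(text):
    """True/False for the 4.2 and 4.3 branches; None if the version is
    unparseable or on a branch the advisory does not list."""
    key = version_key(text)
    if key is None:
        return None
    fixed = FIXED.get(key[:2])
    if fixed is None:
        return None
    return key < version_key(fixed)


if __name__ == "__main__":
    # Constructed sample banners, one per host in an inventory.
    samples = [
        "ntpd 4.2.6p5@1.2349-o",
        "ntpd 4.2.8p3-RC1",
        "ntpd 4.2.8p10@1.3728-o",
        "ntpd 4.3.24",
        "ntpd 4.3.25",
    ]
    for banner in samples:
        print(f"{banner:28} vulnerable={is_vulnerable(banner)}")
```

A distributor's package can carry a backported fix under an older version string, so treat a True result as a prompt to check the distributor's own advisory.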

Further information:

Contact Information

NCSC-FI Vulnerability Coordination can be contacted as follows:

Email:

vulncoord@ficora.fi

Please quote the advisory reference [FICORA #829967] in the subject line.

Telephone:

+358 295 390 230

Monday - Friday 08:00 - 16:15 (EET: UTC+2)

Post:

Vulnerability Coordination

FICORA / NCSC-FI

P.O. Box 313

FI-00181 Helsinki

FINLAND

NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at

https://www.viestintavirasto.fi/attachments/tietoturva/pgpavaimet/CERT-FI_Vulncoord.txt

The NCSC-FI vulnerability coordination policy is available at

https://www.viestintavirasto.fi/en/informationsecurity/ficorasinformationsecurityservices/vulnerabilitycoordination.html

Update history


Key words: Information security, Internet, CERT, Vulnerability coordination

