Toggle navigation
Sanchayani
About
Services
Contact
Login
Registration
Title :Remote Code Execution Flaws in NTP Protocol
Blogger :पूजा
SUbject :Information Security Awareness
likes:2 dislike:0
Vulnerability has been reported in Network Time Protocol that could lead to remote code execution.
Worse still, NTP can be used easily in "reflection attacks" to initiate distributed denial of service (DDoS)
attacks. NTP is used across the Internet to set the clocks of essentially all connected computer clocks.
Severity:
HIGH
Impact:
Successful exploitation could allow a remote attacker to send a carefully crafted packet that can overflow
a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd
process.
The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random
number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect
time stamps or masquerade as another time server.
An attacker may be able to utilize the buffer overflow to crash the ntpd(8) daemon or potentially run
arbitrary code with the privileges of the ntpd(8) process, which is typically root.
Affected operating system:
• NTP prior to 4.2.8
• Apple
• EfficientIP
• FreeBSD
• NTP Project
• Huawei Technologies
• OmniTI
• Watchguard Technologies, Inc.
Solution
Kindly upgrade NTP to its latest version (NTP Version 4.2.8).