Sanchayani

Title :Remote Code Execution Flaws in NTP Protocol


Blogger :पूजा


SUbject :Information Security Awareness



likes:2 dislike:0


Vulnerability has been reported in Network Time Protocol that could lead to remote code execution.

Worse still, NTP can be used easily in "reflection attacks" to initiate distributed denial of service (DDoS)

attacks. NTP is used across the Internet to set the clocks of essentially all connected computer clocks.

Severity:
HIGH

Impact:
Successful exploitation could allow a remote attacker to send a carefully crafted packet that can overflow

a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd

process.
The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random

number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect

time stamps or masquerade as another time server.

An attacker may be able to utilize the buffer overflow to crash the ntpd(8) daemon or potentially run

arbitrary code with the privileges of the ntpd(8) process, which is typically root.

Affected operating system:

• NTP prior to 4.2.8

• Apple

• EfficientIP

• FreeBSD

• NTP Project

• Huawei Technologies

• OmniTI

• Watchguard Technologies, Inc.

Solution

Kindly upgrade NTP to its latest version (NTP Version 4.2.8).