This article is more than 1 year old
'Malicious time source' can poison Network Time Protocol
Think of this as an evil TARDIS dropping servers into a time rift
Get busy, sysadmins, there's a bunch of network time protocol (NTP) bugs to squash.
The bugs were turned up in a code audit by Cisco's Talos business (which can surely feel the coals of hell being heaped upon its head for working in a Back to the Future joke in the bug-branding).
Talos has been working on the code base of the venerable time-synch daemon, the "speaking clock" of the Internet, as Cisco's contribution to the Internet Foundation's Core Infrastructure Initiative.
The BttF reference is in the lead vulnerability, NAK to the Future: NTP symmetric association authentication bypass vulnerability.
An error in NTP's crypto-NAK packet handling means an attacker can force someone's ntpd process to peer with a "malicious time source" and fool around with their system clocks.
The company also turned up:
- Integer overflows that crash the daemon.
- A use-after-free bug and a buffer overflow in NTP's password manager.
- Remote attackers can create a denial-of-service by sending a malicious configuration file to the target.
- A VMS-specific directory traversal bug.
- An off-by-one error in NTPQ.
- A buffer overflow bug in the daemon.
The NTP Project says users should immediately install ntp-4.2.8p4 to get the fix, and implement BCP 38 ingress and egress filtering. ®