Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Network Security

Several DoS Vulnerabilities Patched in NTP

The CERT Coordination Center and the Network Time Foundation announced on Monday the availability of NTP 4.2.8p9, which includes nearly 40 security patches, bug fixes and improvements.

The CERT Coordination Center and the Network Time Foundation announced on Monday the availability of NTP 4.2.8p9, which includes nearly 40 security patches, bug fixes and improvements.

The latest version of the Network Time Protocol daemon (ntpd) addresses a total of ten security holes. The most serious of them, tracked as CVE-2016-9312 and rated “high severity,” has been described as an oversized UDP packet denial-of-service (DoS) issue that only affects Windows.

“If a vulnerable instance of ntpd on Windows receives a crafted malicious packet that is ‘too big’, ntpd will stop working,” CERT and NTF wrote in their advisories.

NTP 4.2.8p9 also patches two medium, two medium-low, and five low severity vulnerabilities. One of the medium severity flaws (CVE-2016-9310) affects the control mode (mode 6) functionality of ntpd and it can be exploited by a remote, unauthenticated attacker.

“If, against long-standing BCP recommendations, ‘restrict default noquery’ is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring,” reads a description of the vulnerability.

The second medium severity flaw (CVE-2016-7431) is related to a regression in the handling of some Zero Origin timestamp checks.

Matthew Van Gundy of Cisco, Magnus Stubman, Miroslav Lichvar of Red Hat, Brian Utterback of Oracle, Robert Pajak of ABB, and Sharon Goldberg and Aanchal Malhotra of Boston University have been credited for reporting these issues.

Advertisement. Scroll to continue reading.

While NTP is a widely used protocol, the project, primarily maintained by Harlan Stenn, has been having some financial problems. The Network Time Foundation has asked people to make donations and support the project as much as possible.

“We would have preferred to give much more notice to our members and CERT, however, NTF’s NTP project remains severely under-funded. Google was unable to sponsor us this year and, currently, the Linux Foundation’s Core Internet Initiative only supports Harlan for about 25% of his hours per week and is restricted to NTP development only,” the organization stated.

Earlier this year, researchers from China-based security firm Qihoo 360 warned that attackers can remotely change the time on NTP servers over long distances using inexpensive devices.

UPDATE. Stubman has published a proof-of-concept (PoC) exploit for the low-severity issue he discovered.

Related: Severe Vulnerabilities Found in Meinberg NTP Servers

Related: High Severity DoS Vulnerability Patched in NTP

Related: Several Vulnerabilities Patched in NTP Daemon

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...