Several Vulnerabilities Patched in NTP Daemon

A new version of the Network Time Protocol daemon (ntpd) released this week by the NTP Project patches several low and medium severity vulnerabilities.

The NTP Project’s advisory describes a total of nine new vulnerabilities reported by researchers at Cisco and Chinese antivirus company Qihoo 360. Seven of these flaws have been patched with the release of ntp-4.2.8p7. The remaining two will be fully resolved in an upcoming release, but mitigations have been made available.

Cisco found five of the new ntpd vulnerabilities as part of its contribution to the Linux Foundation’s Core Infrastructure Initiative. According to the company, the issues reported by its researchers can be leveraged to cause a denial-of-service (DoS) condition or alter the time via specially crafted UDP packets.

One of the vulnerabilities reported by Cisco, CVE-2016-1550, is an authentication weakness: ntpd compared message authentication codes (MACs) with a routine that stops at the first mismatching byte, so response timing leaks how much of a forged MAC is correct, and an attacker can use that to get spoofed NTP packets accepted as valid by the recipient.
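The comparison pattern behind that weakness, next to a constant-time replacement, as an added example in C. This is not ntpd's code and not Cisco's proof of concept: SAMPLE_MAC is a constructed value, and the `examined` counter stands in for the response latency a real attacker would measure over the network. The byte-by-byte recovery shows why the leak matters: it needs at most 256 queries per byte instead of a blind search over the whole MAC.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 16   /* digest length of the MD5 MAC used with ntpd symmetric keys */

/* Constructed sample: the MAC the receiver computed for an incoming packet. */
static const uint8_t SAMPLE_MAC[MAC_LEN] = {
    0x3a, 0x91, 0x00, 0xff, 0x10, 0x7e, 0xc4, 0x05,
    0x62, 0xaa, 0x13, 0x88, 0x2f, 0xd0, 0x4b, 0x19
};

/* Early-exit comparison (memcmp-style): returns at the first mismatching byte,
 * so its running time tells the sender how many leading bytes of a forged MAC
 * were right. '*examined' counts the bytes looked at and stands in for that
 * timing signal. Illustrative, not ntpd's own code. */
static int mac_equal_leaky(const uint8_t *expected, const uint8_t *received,
                           size_t len, size_t *examined)
{
    for (size_t i = 0; i < len; i++) {
        if (expected[i] != received[i]) {
            *examined = i + 1;
            return 0;
        }
    }
    *examined = len;
    return 1;
}

/* Constant-time replacement: accumulates the XOR of every byte pair and never
 * branches on the data, so time (and '*examined') no longer depend on the input. */
static int mac_equal_ct(const uint8_t *expected, const uint8_t *received,
                        size_t len, size_t *examined)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(expected[i] ^ received[i]);
    *examined = len;
    return diff == 0;
}

/* Attacker's side: recover 'target' one byte at a time using only the leaky
 * compare's examined count as an oracle. Returns the number of oracle queries
 * used, or 0 if a byte could not be found. */
static unsigned long recover_with_oracle(const uint8_t *target, size_t len,
                                         uint8_t *recovered)
{
    unsigned long queries = 0;
    memset(recovered, 0, len);
    for (size_t pos = 0; pos < len; pos++) {
        int found = 0;
        for (unsigned v = 0; v < 256; v++) {
            size_t examined;
            recovered[pos] = (uint8_t)v;
            queries++;
            if (mac_equal_leaky(target, recovered, len, &examined))
                return queries;        /* whole MAC recovered */
            if (examined > pos + 1) {  /* comparison got past this byte */
                found = 1;
                break;
            }
        }
        if (!found)
            return 0;
    }
    return queries;
}

/* Bytes examined when only the first byte of the guess is wrong. */
static size_t examined_first_byte_wrong(int constant_time)
{
    uint8_t guess[MAC_LEN];
    size_t examined;
    memcpy(guess, SAMPLE_MAC, MAC_LEN);
    guess[0] ^= 0x80;
    if (constant_time)
        mac_equal_ct(SAMPLE_MAC, guess, MAC_LEN, &examined);
    else
        mac_equal_leaky(SAMPLE_MAC, guess, MAC_LEN, &examined);
    return examined;
}

/* Queries needed to recover SAMPLE_MAC through the leaky compare; 0 on failure. */
static unsigned long recovery_queries(void)
{
    uint8_t recovered[MAC_LEN];
    unsigned long q = recover_with_oracle(SAMPLE_MAC, MAC_LEN, recovered);
    return memcmp(recovered, SAMPLE_MAC, MAC_LEN) == 0 ? q : 0;
}

int main(void)
{
    printf("leaky compare examined %zu byte(s), constant-time compare examined %zu\n",
           examined_first_byte_wrong(0), examined_first_byte_wrong(1));
    printf("recovered the %d-byte MAC with %lu oracle queries\n", MAC_LEN, recovery_queries());
    return 0;
}
```

On the wire the attacker sees latency rather than a byte count, so each byte takes many repeated measurements to separate from jitter, but the search stays linear in the MAC length; the constant-time compare removes the signal entirely rather than adding noise to it.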

Another flaw, tracked as CVE-2016-1551, stems from ntpd implicitly trusting reference clock traffic from the 127.127.0.0/16 range, the addresses it assigns to its own refclock drivers. An attacker who can deliver a packet with such a spoofed source can establish themselves as a trusted peer and alter the time on the targeted system. Most operating systems discard packets with a 127/8 source that arrive on a non-loopback interface, so exposure is limited to hosts that do not.

CVE-2016-1549 has been described by Cisco as an NTP ephemeral association Sybil vulnerability: an attacker who can create a number of ephemeral associations can outnumber the legitimate sources in ntpd's clock selection and thereby alter the time. Cisco notes the flaw can be used in combination with CVE-2016-1550.

Cisco researchers also discovered a flaw, identified as CVE-2016-1547, that can be leveraged for DoS attacks. A crypto-NAK is the packet ntpd sends to tell a peer that authentication failed; spoofed crypto-NAKs apparently coming from a legitimate peer can be used to interrupt the association between peer ntpd systems.
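The two conditions above, a refclock-range source address and an unauthenticated crypto-NAK, as a packet-screening routine in C. This is an added example, not ntpd's code or its fix, and not Cisco's proof of concept: the verdict names, the constructed sample datagrams, the hypothetical peer 192.168.1.1 and the "log and rate-limit rather than act" policy for crypto-NAKs are choices made for this example. It assumes the reference implementation's crypto-NAK form (a 4-byte trailer carrying key id 0 and no digest) and handles no autokey extension fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTP_HDR_LEN 48   /* fixed NTP header; an optional MAC follows it */

/* Trailer forms: none, key id only (crypto-NAK), key id + MD5, key id + SHA-1.
 * Autokey extension fields are not handled by this screen. */
enum ntp_mac { MAC_NONE, MAC_CRYPTO_NAK, MAC_MD5, MAC_SHA1, MAC_INVALID };

struct ntp_view { unsigned vn, mode; uint32_t keyid; enum ntp_mac mac; };

enum verdict {
    ACCEPT,                  /* hand to the normal packet path */
    DROP_SHORT,              /* shorter than the NTP header */
    DROP_REFCLOCK_SOURCE,    /* 127.127.t.u source arriving from the wire */
    DROP_BAD_MAC_LEN,        /* trailer length matches no known MAC form */
    LOG_CRYPTO_NAK           /* unauthenticated NAK: log it and rate-limit rather
                                than let one packet alone tear down a peering */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* ntpd names reference clocks 127.127.t.u; a datagram read from the network with
 * such a source can only be forged (the CVE-2016-1551 pattern). Most kernels
 * already drop 127/8 sources on non-loopback interfaces, so many hosts were never
 * exposed; the check costs nothing on the rest. */
static int is_refclock_addr(uint32_t ip)
{
    return (ip & 0xffff0000u) == 0x7f7f0000u;
}

static int ntp_parse(const uint8_t *pkt, size_t len, struct ntp_view *v)
{
    if (len < NTP_HDR_LEN)
        return -1;
    memset(v, 0, sizeof *v);
    v->vn = (pkt[0] >> 3) & 7;
    v->mode = pkt[0] & 7;
    size_t trailer = len - NTP_HDR_LEN;
    if (trailer == 4 || trailer == 20 || trailer == 24)
        v->keyid = be32(pkt + NTP_HDR_LEN);
    switch (trailer) {
    case 0:  v->mac = MAC_NONE; break;
    case 4:  v->mac = v->keyid == 0 ? MAC_CRYPTO_NAK : MAC_INVALID; break; /* id 0, no digest */
    case 20: v->mac = MAC_MD5; break;    /* 4-byte key id + 16-byte MD5 digest */
    case 24: v->mac = MAC_SHA1; break;   /* 4-byte key id + 20-byte SHA-1 digest */
    default: v->mac = MAC_INVALID; break;
    }
    return 0;
}

static enum verdict screen_datagram(uint32_t src, const uint8_t *pkt, size_t len,
                                    struct ntp_view *v)
{
    if (is_refclock_addr(src))
        return DROP_REFCLOCK_SOURCE;
    if (ntp_parse(pkt, len, v) < 0)
        return DROP_SHORT;
    if (v->mac == MAC_INVALID)
        return DROP_BAD_MAC_LEN;
    if (v->mac == MAC_CRYPTO_NAK)
        return LOG_CRYPTO_NAK;
    return ACCEPT;
}

/* Constructed sample datagrams, not captured traffic; returns the length. */
static size_t build_sample(int which, uint8_t buf[64], uint32_t *src)
{
    memset(buf, 0, 64);
    *src = 0xc0a80101u;                 /* 192.168.1.1, a hypothetical peer */
    switch (which) {
    case 0: buf[0] = 0x23; return 48;   /* NTPv4 mode 3 (client), no MAC */
    case 1: buf[0] = 0x24; buf[1] = 2; return 52;  /* mode 4 reply + key id 0: crypto-NAK */
    case 2: buf[0] = 0x24; buf[1] = 2; *src = 0x7f7f0100u; return 48;  /* claims 127.127.1.0 */
    case 3: buf[0] = 0x23; return 40;   /* truncated header */
    default: buf[0] = 0x23; return 58;  /* 10-byte trailer, no valid MAC form */
    }
}

static enum verdict sample_verdict(int which)
{
    uint8_t buf[64];
    uint32_t src;
    struct ntp_view v;
    size_t len = build_sample(which, buf, &src);
    return screen_datagram(src, buf, len, &v);
}

int main(void)
{
    for (int i = 0; i < 5; i++)
        printf("sample %d -> verdict %d\n", i, (int)sample_verdict(i));
    return 0;
}
```

The screen is meant for a monitoring tap or a pre-filter in front of ntpd, not as a substitute for the 4.2.8p7 fixes: a crypto-NAK carries no proof of origin, so the useful signal is a burst of them for one peer, which is why the verdict is to log rather than to drop or to act on it.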

Finally, Cisco experts identified a security hole, tracked as CVE-2016-1548, that allows an attacker to set an arbitrary time on a targeted client by sending a specially crafted packet that forces the client to switch from basic client/server mode to interleaved mode. This flaw and the Sybil vulnerability will be fully patched in an upcoming release.

The other four vulnerabilities patched this week, reported by Qihoo 360, are CVE-2016-2516 (duplicate IP addresses on unconfig directives trigger an assertion failure that crashes ntpd), CVE-2016-2517 (remotely configured trustedkey, requestkey and controlkey values are not properly validated), CVE-2016-2518 (a crafted addpeer request with an hmode value greater than 7 causes an out-of-bounds read through array wraparound) and CVE-2016-2519 (the return value of ctl_getitem() is not validated, allowing a buffer overrun).

Two of the issues patched with the release of ntp-4.2.8p7 had been partially fixed in mid-January in version ntp-4.2.8p6.

Malicious actors have abused NTP over the past years for DDoS attack reflection and amplification. Arbor Networks’ latest Annual Worldwide Infrastructure Security Report shows that NTP is the second most commonly used protocol for reflection/amplification, after DNS.

Related: New NTP Vulnerabilities Put Networks at Risk

Related: Recently Patched NTP Flaws Affect Siemens RUGGEDCOM Devices

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
