Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Several Vulnerabilities Patched in NTP Daemon

A new version of the Network Time Protocol daemon (ntpd) released this week by the NTP Project patches several low and medium severity vulnerabilities.

A new version of the Network Time Protocol daemon (ntpd) released this week by the NTP Project patches several low and medium severity vulnerabilities.

The NTP Project’s advisory describes a total of nine new vulnerabilities reported by researchers at Cisco and Chinese antivirus company Qihoo 360. Seven of these flaws have been patched with the release of ntp-4.2.8p7. The remaining two will be fully resolved in an upcoming release, but mitigations have been made available.

Cisco found five of the new ntpd vulnerabilities as part of its contribution to the Linux Foundation’s Core Infrastructure Initiative. According to the company, the issues reported by its researchers can be leveraged to cause a denial-of-service (DoS) condition or alter the time via specially crafted UDP packets.

One of the vulnerabilities reported by Cisco, CVE-2016-1550, is an authentication issue that allows an attacker to send spoofed NTP packets that are accepted as valid by the recipient.

Another flaw, tracked as CVE-2016-1551, is related to the fact that ntpd implicitly trusts reference clock NTP traffic from an IP address in the 127.127.0.0/16 range. This allows an attacker to send spoofed packets apparently coming from this range, establish themselves as a trusted peer, and alter the time on the targeted system.

CVE-2016-1549 has been described by Cisco as an NTP ephemeral association sybil vulnerability that can also be leveraged to alter the time. The flaw can be used in combination with CVE-2016-1550.

Cisco researchers also discovered a flaw, identified as CVE-2016-1547, that can be leveraged for DoS attacks by sending spoofed crypto-NAK packets apparently coming from a legitimate peer in an effort to interrupt the association of peer ntpd systems.

Finally, Cisco experts identified a security hole, tracked as CVE-2016-1548, that allows an attacker to set an arbitrary time on a targeted client by sending a specially crafted packet that forces the client to switch from basic client-server mode to interleaved mode. This and the sybil vulnerability will be fully patched in an upcoming release.

Advertisement. Scroll to continue reading.

The other new vulnerabilities patched this week have the following CVE identifiers: CVE-2016-2516, CVE-2016-2517, CVE-2016-2518 and CVE-2016-2519.

A couple of the issues patched with the release of ntp-4.2.8p7 were partially fixed in mid-January in version ntp-4.2.8p6.

Malicious actors have abused NTP over the past years for DDoS attack reflection and amplification. Arbor Networks’ latest Annual Worldwide Infrastructure Security Report shows that NTP is the second most commonly used protocol for reflection/amplification, after DNS.

Related: New NTP Vulnerabilities Put Networks at Risk

Related: Recently Patched NTP Flaws Affect Siemens RUGGEDCOM Devices

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

More People On The Move

Expert Insights