|
 |
|
Shop
You are here: News > News > NTPD Service Suffers From Buffer Overflow
| » IT Security NEWS |
| » 19 May 2009 |
| NTPD Service Suffers From Buffer Overflow |
| A buffer overflow in NTPD, the Network Time Protocol's (NTP) daemon and open source implementation, can allow a hacker to remotely compromise or even crash a system. The vulnerability is caused by the use of the susceptible C function sprintf in crypt_recv in ntpd/ntp_crypto.c. After manipulating the server responses, the attacker makes it possible to trigger a buffer overflow. On the other hand, the attack can only become successful if Autokey is enabled and if NTPD is running with OpenSSL support. The United States Computer Emergency Response Team (US-CERT) clarified that the main symptom of this vulnerable configuration is an entry crypto pw password in the ntp.conf file, where the password is the configured password. To be clear, the NTP was designed to provide precise and synchronized time across the worldwide web. Using NTP to manage and coordinate your system clock is effective and efficient because it uses a methodical and hierarchical client-server model. At the summit of its hierarchy, there are a small number of machines known as reference clocks. A reference clock, also known as stratum 0, is usually a cesium clock or a GPS (Global Positioning System) that gets its time data from satellite feeds. Attached to these clocks are the purported stratum 1 servers (i.e. stratum 0 clients) that are the top-tier time servers available to the Internet. NTP's time accuracy is achieved through its rank-based structure. There are a few stratum 1 servers that are indicated by stratum 2 servers, which are then indicated by stratum 3 servers, which are then indicated by stratum 4 servers and so forth. NTP servers running in the same stratum can be referenced with others in a peer-to-peer basis. That way, they may choose who has the higher accuracy of time and then synchronize to the stratum which is most precise. Of course, despite its preciseness, scalability, and fault tolerance, the protocol daemon is still vulnerable to buffer overflow via online manipulation of the C function sprintf. Updating the utility to NTP 4.2.4p7 should correct the error. A recent NTP update is a revised version of the NTP daemon that also corrects the buffer overflow in NTPQ, the NTP query daemon. The US-CERT surmises that the NTPD fault has been confirmed by FreeBSD, Red Hat, and Debian. New packages containing patches to the bug are available, but they have not yet been distributed. As such, other manufacturers may still be affected by the vulnerability. If you can't update your NTPD, then you should just switch off the Autokey function via removal of the crypto pw line from ntp.conf. |
 |
 |
Awards & Reviews | |||||
|
||||||
|
|
Subscribe to our Mailing List |
|
|
|
|
Customer References | |
|
||
