NTP Bug 2879

Improve NTP security against buffer comparison timing attacks

  • Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
  • References: Sec 2879 / CVE-2016-1550 / VU#718152
  • Affects: All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92
  • CVSS2: LOW 2.6 (AV:L/AC:H/Au:N/C:P/I:P/A:N)
  • CVSS3: MED 4.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
  • Summary: Packet authentication tests have been performed using memcmp() or possibly bcmp(), and it is potentially possible for a local or perhaps LAN-based attacker to send a packet with an authentication payload and indirectly observe how much of the digest has matched.
  • Mitigation:
  • Credit: This weakness was discovered independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.

This topic: Main > SecurityNotice > NtpBug2879
Topic revision: r1 - 2016-04-27 - 02:37:19 - HarlanStenn
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback