r1 - 2016-01-20 - 11:39:28 - HarlanStenn
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p8 was released on 02 June 2016. It addresses 1 high- and 4 low-severity security issues, 4 bugfixes, and contains other improvements over 4.2.8p7.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

NTP Bug 2936

Skeleton Key: Any trusted key system can serve time

  • Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
  • References: Sec 2936 / CVE-2015-7974
  • Affects: All ntp-4 releases up to, but not including 4.2.8p6, and 4.3.0 up to, but not including 4.3.90
  • CVSS: (AV:N/AC:H/Au:S/C:N/I:C/A:N) Base Score: 4.9
  • Summary: Symmetric key encryption uses a shared trusted key. The reported title for this issue was "Missing key check allows impersonation between authenticated peers" and the report claimed "A key specified only for one server should only work to authenticate that server, other trusted keys should be refused." Except that there has never been any correlation between a trusted key and server vs. client machines, and there has never been any way to specify a key only for one server. We have treated this as an enhancement request, and ntp-4.2.8p6 includes other checks and tests to strengthen clients against attacks coming from broadcast servers.
  • Mitigation:
    • Implement BCP-38.
    • If this scenario represents a real or a potential issue for you, upgrade to 4.2.8p6, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page, and use the new field in the ntp.keys file that specifies the list of IPs that are allowed to serve time. Note that this alone will not protect against time packets with forged source IP addresses, however other changes in ntp-4.2.8p6 provide significant mitigation against broadcast attacks. MITM attacks are a different story.
    • If you are unable to upgrade:
      • Don't use broadcast mode if you cannot monitor your client servers.
      • If you choose to use symmetric keys to authenticate time packets in a hostile environment where ephemeral time servers can be created, or if it is expected that malicious time servers will participate in an NTP broadcast domain, limit the number of systems that participate in the shared-key group.
    • Monitor your ntpd instances.
  • Credit: This weakness was discovered by Matt Street <mastreet@cisco.com> of Cisco ASIG.
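As an added illustration (not code from the NTP Project), the following Python models the per-key source-address restriction that the new fourth field of ntp.keys provides, and shows why a key with no restriction behaves as a skeleton key. The ntp.keys layout assumed here is `keyno type key [ip[,ip...]]` with an optional /prefix; the sample file, key strings and addresses are constructed.

```python
import ipaddress

# Constructed sample ntp.keys (not real key material). Assumed layout, per
# the ntp-4.2.8p6 change described above: keyno type key [ip[,ip...]],
# where the optional fourth field restricts which source addresses may use
# the key and an entry may carry a /prefix length.
SAMPLE_NTP_KEYS = """\
# key 1: only the stratum-1 box at 192.0.2.10 may serve time with it
1  MD5   ExampleKeyOne            192.0.2.10
# key 2: legacy entry with no fourth field -> usable from ANY source
2  SHA1  ExampleKeyTwoSharedWide
# key 3: restricted to an IPv6 management subnet and one IPv4 host
3  SHA1  ExampleKeyThree          2001:db8:10::/64,203.0.113.7
"""


def parse_ntp_keys(text):
    """Return {keyno: (type, secret, allowed_networks_or_None)}."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed ntp.keys line: {raw!r}")
        keyno, ktype, secret = int(fields[0]), fields[1], fields[2]
        allowed = None
        if len(fields) >= 4:
            allowed = [ipaddress.ip_network(a, strict=False)
                       for a in fields[3].split(",")]
        keys[keyno] = (ktype, secret, allowed)
    return keys


def key_accepted_from(keys, keyno, src_ip):
    """Would a correctly authenticated packet using keyno be trusted from src_ip?

    The decision keys on the packet's source address, so it does not defend
    against forged source IPs or an on-path attacker; it only stops a peer
    that legitimately holds the key from serving time outside its role.
    """
    entry = keys.get(keyno)
    if entry is None:
        return False                      # unknown key id: never trusted
    allowed = entry[2]
    if allowed is None:
        return True                       # skeleton key: any holder may serve
    src = ipaddress.ip_address(src_ip)
    return any(src in net for net in allowed)
```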
Copyright © 1999-2016 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.