NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p10 was released on 21 March 2017. It addresses 6 medium- and 5 low-severity security issues, 4 informational security topics, 15 bugfixes, and contains other improvements over 4.2.8p9.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

NTP Bug 3012

Sybil vulnerability: ephemeral association attack

• Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
• References: Sec 3012 / CVE-2016-1549 / VU#718152
• Affects: All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92
• CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
• CVSS3: MED 5.3 - (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
• Summary: ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time, a malicious authenticated peer -- i.e. one where the attacker knows the private symmetric key -- can create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock.
• Mitigation:
  • Implement BCP-38.
  • Use the 4th argument in the ntp.keys file to limit the IPs that can be time servers.
  • Properly monitor your ntpd instances
• Credit: This weakness was discovered by Matthew Van Gundy of Cisco ASIG.