NTP Bug 2945

0rigin: Zero Origin Timestamp Bypass

  • Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
  • References: Sec 2945 / CVE-2015-8138
  • Affects: All ntp-4 releases up to, but not including 4.2.8p6, and 4.3.0 up to, but not including 4.3.90
  • CVSS2: MED 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
  • CVSS3: MED 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) (3.7 - LOW if you score AC:H)
  • Summary: To distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in the packet matches the origin timestamp it transmitted in its last request. A logic error that allowed packets with an origin timestamp of zero to bypass this check whenever there is not an outstanding request to the server.
  • Mitigation:
  • Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.

This topic: Main > SecurityNotice > NtpBug2945
Topic revision: r2 - 2016-04-27 - 02:50:04 - SueGraves
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback