Network Time Foundation:
---+ NTP Bug 3415

---+++ Provide a way to prevent authenticated symmetric passive peering

   * Date Resolved: Stable (4.2.8p11) 27 Feb 2018
   * References: [[https://bugs.ntp.org/3415][Sec 3415]] / [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7170][CVE-2018-7170]] / [[https://www.kb.cert.org/vuls/id/961909][VU#961909]]
   * Also See: [[https://bugs.ntp.org/3012][Sec 3012]] / [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1549][CVE-2016-1549]] / VU#718152
   * Affects: All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
   * CVSS2: LOW 3.5 - [[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)][(AV:N/AC:M/Au:S/C:N/I:P/A:N)]]
   * CVSS3: LOW 3.1 - [[https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C][(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)]]
   * Summary: =ntpd= can be vulnerable to Sybil attacks. If a system is set up to use a =trustedkey=, and if it is not using the feature introduced in ntp-4.2.8p6 that allows an optional 4th field in the =ntp.keys= file to specify which IPs can serve time, a malicious authenticated peer -- i.e. one where the attacker knows the private symmetric key -- can create arbitrarily many ephemeral associations in order to win the clock selection of =ntpd= and modify a victim's clock. Three additional protections are offered in ntp-4.2.8p11. One is the new =noepeer= directive, which disables symmetric passive ephemeral peering. Another is the new =ippeerlimit= directive, which limits the number of peers that can be created from an IP. The third extends the functionality of the 4th field in the =ntp.keys= file to include specifying a subnet range.
   * Mitigation:
      * Implement BCP-38.
      * Upgrade to ntp-4.2.8p11 or later from the [[https://www.ntp.org/downloads.html][NTP Project Download Page]] or the [[https://support.ntp.org/download][NTP Public Services Project Download Page]].
      * Use the =noepeer= directive to prohibit symmetric passive ephemeral associations.
      * Use the =ippeerlimit= directive to limit the number of peers that can be created from an IP.
      * Use the 4th argument in the =ntp.keys= file to limit the IPs and subnets that can be time servers.
      * Have enough sources of time.
      * Properly monitor your =ntpd= instances.
      * If =ntpd= stops running, auto-restart it without =-g=.
   * Credit: This weakness was reported as Bug 3012 by Matthew Van Gundy of Cisco ASIG, and separately by Stefan Moser as Bug 3415.
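The three 4.2.8p11 protections above, shown as a weak configuration beside a hardened one. This is an added example, not configuration from the advisory or the NTP Project; it assumes =noepeer= and =ippeerlimit= are used as =restrict= flags (their form in 4.2.8p11), uses constructed addresses and a constructed key value, and the comma-separated IP/CIDR list in the =ntp.keys= 4th field is an assumption to be checked against the shipped =ntp.keys= man page.

```conf
# /etc/ntp.conf (constructed example) -- BEFORE hardening.
# Anyone holding trusted key 10 may open symmetric passive ephemeral
# associations from any source address, in any number: the Sybil
# condition described in the Summary.
keys /etc/ntp.keys
trustedkey 10
restrict default kod nomodify notrap nopeer noquery limited
peer 192.0.2.10 key 10

# /etc/ntp.conf (constructed example) -- AFTER hardening.
keys /etc/ntp.keys
trustedkey 10
# noepeer:       refuse symmetric passive ephemeral associations outright
# ippeerlimit 1: allow at most one peer association per source IP
restrict default kod nomodify notrap nopeer noquery limited noepeer ippeerlimit 1
# The configured peer still works: its association is created by this
# host from the 'peer' line below, so it is not an ephemeral passive one.
restrict 192.0.2.10 nomodify notrap noquery ippeerlimit 1
peer 192.0.2.10 key 10

# /etc/ntp.keys (constructed example).
# 4th field (assumed syntax): comma-separated addresses allowed to use the
# key; single IPs since 4.2.8p6, /prefix subnet ranges since 4.2.8p11.
# Without this field every holder of the key may serve time from anywhere.
10 MD5 ConstructedKeyValue 192.0.2.10,198.51.100.0/24
```

After reloading, =ntpq -p= should list only the configured peer, and no new associations should appear for addresses outside the listed ranges.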
Topic revision: r2 - 2018-08-30 - 17:49:04 -
Copyright © 1999-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.