ntpd Flaw Lets Remote Users Modify Time on the Target ntp Service in Certain Cases
|
|
SecurityTracker Alert ID: 1034670 |
|
SecurityTracker URL: http://securitytracker.com/id/1034670
|
|
CVE Reference:
CVE-2015-5300
(Links to External Site)
|
Date: Jan 14 2016
|
Impact:
Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0 to 4.2.8p5, 4.3.0 to 4.3.78
|
Description:
A vulnerability was reported in ntp. A remote user that can conduct a man-in-the-middle attack can modify time on the target ntp service.
When ntpd is started with the '-g' option, a remote user that can conduct a man-in-the-middle attack can exploit a threshold limitation flaw to cause the target ntp client to make multiple steps larger than the panic threshold. This can be exploited to set the time to an arbitrary value.
The original advisory is available at:
https://www.cs.bu.edu/~goldbe/NTPattack.html
Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg of Boston University reported this vulnerability.
|
Impact:
A remote user that can conduct a man-in-the-middle attack can modify time on the target ntp service.
|
Solution:
The vendor has issued a fix (4.2.8p5).
[Editor's note: The vulnerability was also fixed in development version 4.3.78 (in November 2015)].
The vendor's advisory is available at:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit [nofetch]
|
Vendor URL: support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
