Wednesday, March 22, 2017

Update - Remediating the NTP Daemon DoS Vulnerability

Multiple vulnerabilities were recently discovered in the Network Time Protocol (NTP) daemon, and a patch was released to remediate them. The patch for this specific vulnerability, named NTP 4.2.8p9, was released by the Network Time Foundation Project (NTFP).

A researcher named Magnus Stubman discovered the vulnerability and, instead of going public, took the mature route and privately informed the community of his findings. The remediation was part of the NTP 4.2.8p9 release. Stubman has written that the vulnerability he discovered could allow unauthenticated users to crash NTPF with a single malformed UDP packet, which will cause a null pointer dereference (you can read more about the technical details of the exploit of the NTP daemon from Stubman on his personal website). This means that an attacker could craft a UDP packet and send it to the service, resulting in an exception bypass that can cause the process to crash.
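Since the fix shipped in NTP 4.2.8p9, a quick inventory check is to compare each host's reported ntpd version against that release. The following is an added example, not code from the original post or from the NTP project; the host names and version banners are constructed sample data, and `needs_update` and `audit` are hypothetical helper names.

```python
import re

# Fixed release named in the post: NTP 4.2.8p9 -> (major, minor, point, patch).
FIXED = (4, 2, 8, 9)

# Upstream-style version such as "4.2.8p9" or "4.2.6"; a missing "pN" suffix
# counts as patch level 0. The lookarounds keep IP addresses from matching.
_VERSION_RE = re.compile(r"(?<![\w.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?(?![\w.])")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) found in a version banner, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def needs_update(text):
    """True if older than 4.2.8p9, False if at or past it, None if unknown.

    Branches newer than 4.2 return None because the post names a fixed
    release only for the 4.2 series (assumption made explicit here).
    """
    v = parse_ntp_version(text)
    if v is None or v[:2] > FIXED[:2]:
        return None
    # Integer tuple comparison orders p10 after p9, unlike string comparison.
    return v < FIXED


def audit(inventory):
    """Map each host to 'update', 'ok' or 'unknown' from its version banner."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (host names and banners are illustrative only).
SAMPLE = {
    "ntp-a.example": "ntpd 4.2.6p5@1.2349-o Fri Apr 13 12:52:27 UTC 2012 (1)",
    "ntp-b.example": "ntpd 4.2.8p9@1.3265-o (constructed banner)",
    "ntp-c.example": "ntpd 4.2.8p10 (constructed banner)",
    "ntp-d.example": "chronyd (chrony) version 3.4",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Distribution packages can carry a backported fix under an older upstream version string, so treat an `update` result as a prompt to check the vendor's advisory rather than as proof of exposure.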

This denial-of-service (DoS) attack on the NTP daemon is dangerous because all systems rely on synchronizing their time within milliseconds of each other to properly operate, keep authentication protocols working smoothly, timestamp for compliance, correlate security logs and so on. Without the NTP daemon working properly in an environment, errors could cascade quickly throughout the network. The threat to the environment is real, and if it's not patched, an attacker could take advantage of this vulnerability. Read the rest of my article at the link below:
