[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem

Danny Mayer via the NTP Bugzilla bugzilla at ntp.org
Fri Sep 11 12:00:31 UTC 2009


Additional Comments From mayer at ntp.org (Danny Mayer)
Submitted on 2009-09-11 12:00

Dave, you don't understand. MD5 is no security at all. It is trivially broken
and even brute force attacks are easy (I seem to recall breaking MD5 is in the
order of seconds). Check the literature. You cannot rely on MD5 for security. I
recall a discussion elsewhere on replacing MD5 because of its vunerability and
the conclusion was it was not necessary for the MAC. However for ntpq you are
giving people access to the file system using this mechanism. This would be a
zero-day exploit. Servers everywhere are using ntpd and ANY access at all to the
file system would be a cart blanche to attackers everywhere to take advantage of
the access. These are not simple script kiddies, these are now criminal
organizations that exploit every opportunity that they can find. These are smart
people and they will always find a way. Once ntpd leaves our hands it's too late
to recall. Patches almost never happen on time.

We don't need CERT advisories to address this problem. We already know the problem.


Danny Mayer <mayer at ntp.org>

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the security mailing list