[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem

Brian Utterback via the NTP Bugzilla bugzilla at ntp.org
Fri Sep 11 18:29:26 UTC 2009


Additional Comments From brian.utterback at sun.com (Brian Utterback)
Submitted on 2009-09-11 18:29

Keys very often go over the wire, just not in the ntpq packet. See the
discussion of key distribution in the autokey docs. And the ntpq packets do have
the timestamps, but I doubt very much that they are checked.

I am not saying that sniffing the ntpq packet will let you issue a different
command. I am saying that this makes the keys that were formerly of low value so
as to be freely passed around now suddenly of very high value. In many cases all
of the server's clients will have keys. A common configuration idiom (the one I
gave several messages back) will result in any of the clients being able to
brickify the server. 

Brian Utterback <brian.utterback at sun.com>
