[ntp:security] NTP Mode 6 readvar Amplification Issue

cve-assign at mitre.org cve-assign at mitre.org
Thu Oct 9 22:08:05 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> There is the potential for abuse of the NTP Version Command (Mode 6
> query READVAR) which can be used in an amplification attack. Based on
> reports from the ShadowServer Foundation, the command:
> 
> ntpq -c rv [ip]
> 
> can be used to generate approximately 30x amplification. We would like
> to know why this has not been identified as a "bug" nor a CVE issued
> accordingly. Can Mitre please issue a CVE for this issue, and NTP.org
> provide appropriate mitigations and/or an updated version of the
> product which is not susceptible to this.

Thanks for your note. The applicable part of MITRE's current practice
on CVE assignments for amplification attacks is, approximately:

 - cases in which a vendor of a UDP protocol implementation announces
   that they made a security-relevant mistake by having configuration
   or code elements that allow amplification attacks, and publishes a
   fix for this mistake

Occasionally, we receive reports suggesting that CVE assignments could
occur for any finding of a UDP protocol with a request type in which
the reply traffic is larger than the request traffic, regardless of
whether the reply traffic also has a potentially legitimate purpose.
That is not the case.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUNwbAAAoJEKllVAevmvmskYoH/j4qPqtQZsd+2IsdJmzr4Qnf
D9WzVeuzGZTLCYL6YrIfMHwS/hIIV0IPY1HG1V6v82MFiekGd1UzJTLNZL3jGZ3N
uYfPw38vw0fdNnjr3xw6jJfHO3h3l/gLOfSeWtY1kGcW4d94yEZhSG4rW53U+htt
9/AuxvrwxkPF5xegJcxs/8q1ifT3OY5frM+SWuCBNZ4VbavU9Nn6+SHft67eAutV
4nYO5w4W8N9voF7qNa2Cn7B74KCgPA1JUQ/oTQGakvxGme+JsF8ZO3/zNbfB212B
HmC28ButPOxLJOZ5dcwoNY5khwjCJxVuARjsI5RoWvfugAPjC8JCQKN+2f8xjJk=
=z+eK
-----END PGP SIGNATURE-----


More information about the security mailing list