[ntp:security] [Bug 2947] New: Ntpq vulnerable to replay attacks

bugzilla-daemon at ntp.org
Sat Oct 17 09:07:27 UTC 2015


             Bug #: 2947
           Summary: Ntpq vulnerable to replay attacks
           Product: ntp
           Version: 4.2.8
          Platform: All
        OS/Version: All
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: Security Bugs
        AssignedTo: stenn at ntp.org
        ReportedBy: stenn at ntp.org
                CC: security at ntp.org
             Group: Security
    Classification: Unclassified

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
              Flags|                            |blocking4.2.8+

Created attachment 1352
  --> http://bugs.ntp.org/attachment.cgi?id=1352

The ntpq protocol is vulnerable to replay attacks. The sequence number being
included under the signature fails to prevent replay attacks for two reasons.
Commands that don't require authentication can be used to move the sequence
number forward, and NTP doesn't actually care what sequence number is used, so a
packet can be replayed at any time.
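
The following is an added example, not part of the bug report and not ntpd or ntpq code. It models the receiver-side check the report says is missing: a MAC that covers the sequence number only stops replay if the receiver also tracks the highest sequence it accepted from authenticated packets and never lets unauthenticated traffic advance that state. The packet layout, command strings, key, class name and the use of HMAC-SHA256 are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed shared key, not a real ntp.keys entry

def make_packet(seq, command, key=None):
    """Simplified control message: 2-byte sequence + command, optional MAC over both."""
    body = struct.pack("!H", seq) + command
    mac = hmac.new(key, body, hashlib.sha256).digest() if key else b""
    return body, mac

class Receiver:
    """strict=False models the behaviour the report describes; strict=True is one mitigation."""

    def __init__(self, key, strict):
        self.key, self.strict = key, strict
        self.last_auth_seq = -1  # advanced only by packets whose MAC verified

    def handle(self, body, mac):
        seq = struct.unpack("!H", body[:2])[0]
        if not mac:
            return "unauth-ok"  # unauthenticated query: never touches last_auth_seq
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return "bad-mac"
        if self.strict:
            if seq <= self.last_auth_seq:
                return "replay-rejected"  # stale or repeated sequence under a valid MAC
            self.last_auth_seq = seq
        return "executed"

def demo(strict):
    rx = Receiver(KEY, strict)
    captured = make_packet(7, b"set-var", KEY)  # constructed authenticated request
    results = [rx.handle(*captured)]            # original delivery
    results.append(rx.handle(*make_packet(8, b"read-var")))  # unauthenticated traffic
    results.append(rx.handle(*captured))        # same bytes delivered a second time
    return results

if __name__ == "__main__":
    print("lenient:", demo(strict=False))
    print("strict: ", demo(strict=True))
```

The 2-byte counter in this model wraps, so a deployed design would need a wider counter, a per-session nonce, or a timestamp window in addition to the monotonic check.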
