[ntp:security] [Bug 3072] test #2

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Jun 14 22:11:00 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3072

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5                          |P2
              Group|                            |Security
              Flags|                            |blocking4.2.8+
           Severity|enhancement                 |major

--- Comment #1 from Harlan Stenn <stenn at ntp.org> 2016-06-14 22:11:00 UTC ---
Miroslav writes:

When ntpd receives a server response on a socket that corresponds to a
different interface than was used for the request, the peer structure
is updated to use the interface for new requests. If ntpd is running
on a host with multiple interfaces in separate networks and the
operating system doesn't check source address in received packets
(e.g. rp_filter on Linux is set to 0), an attacker that knows the
address of the source can send a packet with spoofed source address
which will cause ntpd to select wrong interface for the source and
prevent it from sending new requests until the list of interfaces is
refreshed, which happens on routing changes or every 5 minutes by
default. If the attack is repeated often enough (once per second),
ntpd will not be able to synchronize with the source.

A possible fix is to remove the update of the interface in findpeer().

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list