[ntp:security] [Bug 3045] Bad authentication demobilizes ephemeral associations

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu May 5 08:52:12 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3045

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5                          |P3
            Summary|test #4                     |Bad authentication
                   |                            |demobilizes ephemeral
                   |                            |associations
              Flags|                            |blocking4.2.8+
           Severity|enhancement                 |normal

--- Comment #1 from Harlan Stenn <stenn at ntp.org> 2016-05-05 08:52:12 UTC ---
Miroslav writes:

The recent vulnerability CVE-2016-1547 was about spoofed crypto-NAKs
demobilizing ephemeral associations. There is a similar problem with
packets that don't authenticate properly. An attacker can send a
spoofed packet with random MAC which will demobilize an ephemeral
association.

It seems there is also a problem with the peer_clear() call when
autokey is enabled on permanent associations. The association is not
demobilized with a spoofed crypto-NAK or packet with bad MAC, but the
state variables are reset in the peer_clear() call, which I think
allows a DoS attack preventing synchronization using that association.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list