[ntp:security] [Bug 3110] Windos: ntpd DoS by oversized UDP packet

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Fri Sep 9 05:44:16 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3110

Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5                          |P1
             Status|CONFIRMED                   |IN_PROGRESS
            Summary|test #1                     |Windos: ntpd DoS by
                   |                            |oversized UDP packet
         OS/Version|All                         |Windows 7
           Severity|enhancement                 |critical

--- Comment #1 from Juergen Perlinger <perlinger at ntp.org> 2016-09-09 05:44:16 UTC ---
Rober Pajak <robert.pajak at pl.abb.com> gave the following report:

------------------------------------------------------------------
In short: After sending messaged with optional field set, the NTP server stops
responding.


Testing environment:
- Windows 7 Ultimate Service Pack 1
- Meinberg NTP version: 4.2.8p8

Repro steps:

1. Application processed NTP request without extension field, from test tool
properly and gives a proper server response(packet number 102-103) - just to
check if everything is fine

[cid:0deedeb8-70d0-44f6-9730-6cb67cf4a8e7]


2. Application received 6 NTP requests with extension field enabled from test
tool (104-113) but not responding - this so far acceptable according to the NTP
documentation

[cid:ce225d3c-7e92-42e9-bbb6-46491f588dd5]


3. Test tool sent more NTP requests again without enabling extension field
(Packet number 114 to 134) and application is still not responding with a
proper server message - INPROPER BEHAVIOR

[cid:08233b18-392a-4322-935d-95f91c9d1220]


A pcap file and ntp configuration file are attached to this message.

NTP Event Log:

[cid:c2af5483-042f-420f-935f-372abe0597b2]

Please contact us if any more information is needed and also if we are doing
something wrong.

------------------------------------------------------------------

Analysis of the log file shows that ntpd does not deal well with partial reads
of UDP frames, which is a specialty of the Windows UDP implementation.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list