Some light reading from Oracle

Dan Poirot dtpoirot at gmail.com
Thu Apr 28 08:17:40 UTC 2016


This just in...

	
http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.h
tml 

Vulnerability Spotlight: Further NTPD Vulnerabilities 

As a member of the Linux Foundation ( https://www.coreinfrastructure.org/ ),
Cisco is contributing to the CII effort by evaluating the Network Time
Protocol daemon (ntpd) for security defects. We previously identified a (
http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html ) in the
Network Time Protocol daemon; through our continued research we have
identified further vulnerabilities in the software.

Since 2013, criminals have been abusing NTP packets in order to cause
(http://blogs.cisco.com/security/when-network-clocks-attack). The ubiquity
of the Network Time Protocol daemon and the importance of co-ordinated time
for the correct functioning of many services means that it is a tempting
target for attack. Vulnerabilities that allow the time as understood by ntpd
to be altered can be used by attackers to set the time to an arbitrary
value. This allows attackers to prevent time dependent services from
starting because the time of activation is never reached, to provoke the
depletion of system resources by repeatedly reaching the time of activation
of services, to gain system access by using expired certificates, to deny
service by expiring legitimate services and caches. Hence, the importance of
identifying and remediating vulnerabilities within the time service.

Cisco has discovered six vulnerabilities within ntpd that allow attackers to
craft UDP packets to either cause a denial of service condition or to
prevent the correct time being set. We recommend that all users upgrade to
the latest version of ntpd. 


...and then they go on to list the CVE's...




More information about the devel mailing list