[security at ntpsec.org] Bug#964395: Does CVE-2020-13817 affect ntpsec?
Hal Murray
hmurray at megapathdsl.net
Thu Aug 13 10:48:26 UTC 2020
> I don't think I ever got an answer on this one.
It looks familiar, but I can't find any old mail that matches up.
I'm probably confusing it with a similar problem.
----------
>> https://bugs.ntp.org/show_bug.cgi?id=3596
That bug talks about feeding bogus time to a system by guessing the transmit
time stamp.
When ntpd gets a response, it drops responses where the time-stamp it sent
doesn't match the corresponding slot in the reply. The idea is that most of
the bits in that slot are predictable so an off path attacker has a good
chance of getting a bogus response through by guessing the value the server is
expecting.
There is a draft in the pipeline:
https://tools.ietf.org/html/draft-ietf-ntp-data-minimization-04
We implement that.
I don't know if the authors considered this particular case, but they covered
it. We send a random value in that slot (and keep the time in our back
pocket) so similar attacks are unlikely to work.
--
These are my opinions. I hate spam.
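
The origin check described in the message above, sketched as an added example that is not part of the original mail and is not ntpsec's code: the client puts a random 64-bit value in the transmit slot, keeps the real send time locally, and accepts only a reply whose origin slot echoes that value. `ClientQuery`, `ntp_timestamp` and `server_reply` are hypothetical names, the replies are constructed in memory, and zeroing the remaining request fields is this example's assumption.

```python
import hmac
import secrets
import struct
import time

NTP_UNIX_OFFSET = 2208988800   # seconds from 1900-01-01 to 1970-01-01
ORIGIN = slice(24, 32)         # origin timestamp slot in the 48-byte header
TRANSMIT = slice(40, 48)       # transmit timestamp slot


class ClientQuery:
    """One outstanding client request (hypothetical helper, not ntpsec code)."""
    def __init__(self):
        self.nonce = secrets.token_bytes(8)   # random value sent in the transmit slot
        self.sent_at = time.time()            # real send time, kept locally for offset math

    def packet(self):
        # LI=0, VN=4, Mode=3 (client) -> 0x23; remaining fields zeroed in this example.
        return bytes([0x23]) + bytes(39) + self.nonce

    def accepts(self, reply):
        """True only if the reply echoes our nonce in its origin slot."""
        if len(reply) < 48 or reply[0] & 0x07 != 4:   # must be a full server-mode packet
            return False
        return hmac.compare_digest(reply[ORIGIN], self.nonce)


def ntp_timestamp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    seconds = int(unix_time) + NTP_UNIX_OFFSET
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds & 0xFFFFFFFF, fraction)


def server_reply(request, origin=None):
    """Constructed reply: a server copies the request's transmit slot into origin."""
    origin = request[TRANSMIT] if origin is None else origin
    now = ntp_timestamp(time.time())
    return bytes([0x24]) + bytes(23) + origin + now + now


if __name__ == "__main__":
    q = ClientQuery()
    genuine = server_reply(q.packet())
    # Constructed off-path guess: origin derived from the wall clock, not the nonce.
    guessed = server_reply(q.packet(), origin=ntp_timestamp(q.sent_at))
    print("genuine reply accepted:", q.accepts(genuine))
    print("clock-based guess accepted:", q.accepts(guessed))
```

Because the value on the wire is unrelated to the clock, knowing roughly when the request was sent gives an off-path sender no help in filling the origin slot.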