NTP BUG 2666: non-cryptographic random number generator with weak seed used by ntp-keygen to generate symmetric keys

Last update: February 15, 2022 20:59 UTC (43fbd379b)

Summary

Resolved	4.2.7p230	01 Nov 2011
References	Bug 2666	CVE-2014-9294
Affects	All NTP4 releases before 4.2.7p230.	Resolved in 4.2.7p230.
CVSS2 Score	7.3	AV:N/AC:L/Au:M/C:P/I:P/A:C

Description

Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to prepare a random number generator that was of good quality back in the late 1990s. The random numbers produced was then used to generate symmetric keys. In ntp-4.2.8 we use a current-technology cryptographic random number generator, either RAND_bytes from OpenSSL, or arc4random().

Mitigation

Any of:

Upgrade to 4.2.7p230 or later.
Put restrict ... noquery in your ntp.conf file, for non-trusted senders.

Credit

This vulnerability was discovered in ntp-4.2.6 by Stephen Roettger of the Google Security Team.

Timeline

2011 Nov 1: Public release
XXXX: Early Access Program Release: Premier and Partner Institutional Members
XXXX: Notification to Institutional Members
XXXX: Notification from reporter