NTP BUG 2879: Improve NTP security against buffer comparison timing attacks

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p7 26 Apr 2016
References Bug 2879 CVE-2016-1550
Affects All ntp-4 releases up to, but not including 4.2.8p7,
and 4.3.0 up to, but not including 4.3.92.
Resolved in 4.2.8p7.
CVSS2 Score LOW 2.6 AV:L/AC:H/Au:N/C:P/I:P/A:N
CVSS3 Score MED 4.0 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

Packet authentication tests have been performed using memcmp() or possibly bcmp(), and it is potentially possible for a local or perhaps LAN-based attacker to send a packet with an authentication payload and indirectly observe how much of the digest has matched.


Mitigation


Credit

This weakness was discovered independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.


Timeline