NTP BUG 2879: Improve NTP security against buffer comparison timing attacks

Last update: June 28, 2022 20:06 UTC (57417e17c)


Resolved 4.2.8p7 26 Apr 2016
References Bug 2879 CVE-2016-1550
Affects All ntp-4 releases up to, but not including 4.2.8p7,
and 4.3.0 up to, but not including 4.3.92.
Resolved in 4.2.8p7.
CVSS2 Score LOW 2.6 AV:L/AC:H/Au:N/C:P/I:P/A:N
CVSS3 Score MED 4.0 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N


Packet authentication tests have been performed using memcmp() or possibly bcmp(), and it is potentially possible for a local or perhaps LAN-based attacker to send a packet with an authentication payload and indirectly observe how much of the digest has matched.



This weakness was discovered independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.