NTP BUG 2902: Configuration directives to change pidfile and driftfile should only be allowed locally
Last update: March 2, 2022 17:28 UTC (616623bea)
If ntpd is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it is possible for an attacker to use the pidfile and driftfile directives to potentially overwrite other files.
- Implement BCP-38.
- Upgrade to 4.2.8p4 or later.
- If you cannot upgrade, don't enable remote configuration.
- If you must enable remote configuration and cannot upgrade, remote configuration of NTF's ntpd requires:
  - an explicitly configured trustedkey, and you should also configure a
  - access from a permitted IP. You choose the IPs.
  - authentication. Don't disable it. Practice secure key safety.
- Monitor your ntpd.
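The mitigation list above comes down to one question an operator can check mechanically: which source addresses does the `restrict` configuration still allow to submit runtime configuration? The following auditor is an added example, not code from the NTP Project or the original notice; it parses an ntp.conf, treats `nomodify`, `noquery` and `ignore` as blocking configuration changes, and reports every non-loopback target left open. The two sample configurations are constructed for the example, and the `keys`/`trustedkey` lines in the hardened one reflect the notice's advice to authenticate remote configuration rather than anything the auditor checks.

```python
# restrict flags that stop mode-6/mode-7 configuration changes from that source
BLOCKING_FLAGS = {"nomodify", "noquery", "ignore"}
LOCAL_TARGETS = {"127.0.0.1", "::1"}

def parse_ntp_conf(text):
    """Yield (directive, args) for each non-comment, non-blank line."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield parts[0], parts[1:]

def restrict_target_and_flags(args):
    """Split restrict args into (target, flags), dropping -4/-6 and 'mask X'."""
    toks = [a for a in args if a not in ("-4", "-6")]
    target = toks[0] if toks else "default"
    flags, i = set(), 1
    while i < len(toks):
        if toks[i] == "mask":
            i += 2  # skip the netmask argument
            continue
        flags.add(toks[i])
        i += 1
    return target, flags

def audit_ntp_conf(text):
    """Return one finding per non-local restrict target that may still modify
    the running configuration, plus a warning if 'restrict default' is absent."""
    findings, saw_default = [], False
    for directive, args in parse_ntp_conf(text):
        if directive != "restrict":
            continue
        target, flags = restrict_target_and_flags(args)
        saw_default = saw_default or target == "default"
        if target in LOCAL_TARGETS or flags & BLOCKING_FLAGS:
            continue  # local-only, or modification blocked by flags
        who = "any source address" if target == "default" else target
        findings.append(f"restrict {target}: runtime configuration accepted from {who}")
    if not saw_default:
        findings.append("no 'restrict default' line: unlisted addresses are unrestricted")
    return findings

# Constructed samples: the weak form accepts configuration from anywhere; the
# hardened form blocks it by default and allows one authenticated operator host.
WEAK_CONF = ("driftfile /var/lib/ntp/ntp.drift\nserver 0.pool.ntp.org iburst\n"
             "restrict default kod notrap nopeer\n")
HARDENED_CONF = ("driftfile /var/lib/ntp/ntp.drift\nserver 0.pool.ntp.org iburst\n"
                 "restrict default kod nomodify notrap nopeer noquery\n"
                 "restrict 127.0.0.1\nrestrict 192.0.2.10\nkeys /etc/ntp.keys\ntrustedkey 1\n")
```

Running `audit_ntp_conf(HARDENED_CONF)` still reports the single operator host, which is the point: the output should list exactly the IPs you chose and nothing else.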
This weakness was discovered by Miroslav Lichvar of Red Hat.