NTP BUG 2936: Skeleton Key: Any trusted key system can serve time

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p6 19 Jan 2016
References Bug 2936 CVE-2015-7974
Affects All ntp-4 releases up to, but not including 4.2.8p6,
and 4.3.0 up to, but not including 4.3.90.
Resolved in 4.2.8p6.
CVSS2 Score 4.9 AV:N/AC:H/Au:S/C:N/I:C/A:N

Description

Symmetric key encryption uses a shared trusted key. The reported title for this issue was “Missing key check allows impersonation between authenticated peers” and the report claimed “A key specified only for one server should only work to authenticate that server, other trusted keys should be refused.” Except there has never been any correlation between this trusted key and server v. clients machines and there has never been any way to specify a key only for one server. We have treated this as an enhancement request, and ntp-4.2.8p6 includes other checks and tests to strengthen clients against attacks coming from broadcast servers.


Mitigation


Credit

This weakness was discovered by Matt Street of Cisco ASIG.


Timeline