NTP BUG 2941: NAK to the Future: Symmetric association authentication bypass via crypto-NAK

Last update: June 28, 2022 20:06 UTC (57417e17c)


Summary

Resolved 4.2.8p4.md 21 Oct 2015
References Bug 2941 CVE-2015-7871
Affects All ntp-4 releases between 4.2.5p186 up to but not including 4.2.8p4,
and 4.3.0 up to but not including 4.3.77.
Resolved in 4.2.8p4.
CVSS2 Score 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P

Description

Crypto-NAK packets can be used to cause ntpd to accept time from unauthenticated ephemeral symmetric peers by bypassing the authentication required to mobilize peer associations. This vulnerability appears to have been introduced in ntp-4.2.5p186 when the code handling mobilization of new passive symmetric associations (lines 1103-1165) was refactored.


Mitigation


Credit

This weakness was discovered by Matthew Van Gundy of Cisco ASIG.


Timeline