NTP BUG 2945: 0rigin: Zero Origin Timestamp Bypass
Last update: June 28, 2022 20:06 UTC (57417e17c)
Summary
Description
To distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in the packet matches the origin timestamp it transmitted in its last request. A logic error allowed packets with an origin timestamp of zero to bypass this check whenever there was no outstanding request to the server.
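A simplified model of the origin check described above, with the flawed comparison next to a hardened one. This is an added example, not ntpd's code: the struct, the function names, the sample timestamp, and the assumption that the stored origin timestamp is zero when no request is outstanding are all illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified client state; names are hypothetical, not ntpd's own. */
struct client {
    uint64_t sent_org;  /* origin timestamp of the outstanding request, 0 = none */
};
typedef bool (*check_fn)(struct client *, uint64_t);

/* Flawed check: plain equality. With no request outstanding sent_org is 0,
 * so a packet whose origin timestamp is 0 compares equal and is accepted. */
bool accept_flawed(struct client *c, uint64_t pkt_org)
{
    if (pkt_org != c->sent_org)
        return false;
    c->sent_org = 0;    /* request answered, nothing outstanding */
    return true;
}

/* Hardened check: zero never matches, and a response is only acceptable
 * while a request is actually outstanding. */
bool accept_hardened(struct client *c, uint64_t pkt_org)
{
    if (pkt_org == 0 || c->sent_org == 0)
        return false;
    if (pkt_org != c->sent_org)
        return false;
    c->sent_org = 0;
    return true;
}

/* Constructed scenario: one legitimate exchange, then an unsolicited packet
 * with origin 0. Returns true only if both packets are accepted. */
bool unsolicited_zero_accepted(check_fn check)
{
    struct client c = { .sent_org = 0xE1A2B3C400000001ULL }; /* constructed value */
    bool legit = check(&c, 0xE1A2B3C400000001ULL);           /* matching response */
    return legit && check(&c, 0);
}

int main(void)
{
    printf("flawed accepts zero origin:   %d\n", unsolicited_zero_accepted(accept_flawed));
    printf("hardened accepts zero origin: %d\n", unsolicited_zero_accepted(accept_hardened));
    return 0;
}
```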
Mitigation
- Configure ntpd to get time from multiple sources.
- [Upgrade to 4.2.8p6 or later.](/downloads/)
- Monitor your ntpd instances.
Credit
This weakness was discovered by Jonathan Gardner of Cisco ASIG.
Timeline