NTP BUG 3361: 0rigin DoS

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p10 21 Mar 2017
References Bug 3361 CVE-2016-9042
Affects ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10. Resolved in 4.2.8p10.
CVSS2 Score MED 4.9 AV:N/AC:H/Au:N/C:N/I:N/A:C (worst case)
CVSS3 Score MED 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (worst case)

Description

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. This vulnerability can only be exploited if the attacker can spoof all of the servers.


Mitigation


Credit

This weakness was discovered by Matthew Van Gundy of Cisco.


Timeline