Ntpd reference implementing Denial of Service Vulnerability (CVE-2015-1799)
Ntpd reference implementing Denial of Service Vulnerability (CVE-2015-1799)
Release date:
Updated on:
Affected Systems:
NTP <4.2.8p2
NTP 4.x
NTP 3.x
Description:
Network Time Protocol (NTP) is a Protocol used to synchronize computer Time. It can synchronize computers with their servers or clock sources (such as quartzels and GPS.
According to the NTP project, ntpd uses symmetric keys to encrypt and accept unauthenticated data packets, without the protection of symmetric Association Denial of Service (DoS) attacks. In xntp3.3wy to ntp-4.2.8p1, when two peer hosts receive packets, if the source Timestamp and transmission timestamp do not match, the DOS is triggered, and the attacker periodically sends such packets to the two hosts, to prevent synchronization.
<* Source: Miroslav Lichvar
Link: http://www.kb.cert.org/vuls/id/374268
Http://secunia.com/advisories/63784/
*>
Suggestion:
Vendor patch:
NTP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.ntp.org/bin/view/Main/SecurityNotice#April_2015_NTP_Security_Vulnerab
Http://bugs.ntp.org/show_bug.cgi? Id = 2779
Http://bugs.ntp.org/show_bug.cgi? Id = 2781
CentOS NTP server installation and configuration
NTP servers in Linux
NTP client configurations for multiple operating systems
Build an enterprise-level NTP Time Server
Set up an ntp time synchronization server in Linux
Enable NTP time server in CentOS 6.3
This article permanently updates the link address: