Ntpd reference implementing Denial of Service Vulnerability (CVE-2015-1799)

Ntpd reference implementing Denial of Service Vulnerability (CVE-2015-1799)

Ntpd reference implementing Denial of Service Vulnerability (CVE-2015-1799)

Release date:
Updated on:

Affected Systems:
NTP <4.2.8p2
NTP 4.x
NTP 3.x
Description:
Network Time Protocol (NTP) is a Protocol used to synchronize computer Time. It can synchronize computers with their servers or clock sources (such as quartzels and GPS.

According to the NTP project, ntpd uses symmetric keys to encrypt and accept unauthenticated data packets, without the protection of symmetric Association Denial of Service (DoS) attacks. In xntp3.3wy to ntp-4.2.8p1, when two peer hosts receive packets, if the source Timestamp and transmission timestamp do not match, the DOS is triggered, and the attacker periodically sends such packets to the two hosts, to prevent synchronization.

<* Source: Miroslav Lichvar

Link: http://www.kb.cert.org/vuls/id/374268
Http://secunia.com/advisories/63784/
*>

Suggestion:
Vendor patch:

NTP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://support.ntp.org/bin/view/Main/SecurityNotice#April_2015_NTP_Security_Vulnerab
Http://bugs.ntp.org/show_bug.cgi? Id = 2779
Http://bugs.ntp.org/show_bug.cgi? Id = 2781

CentOS NTP server installation and configuration

NTP servers in Linux

NTP client configurations for multiple operating systems

Build an enterprise-level NTP Time Server

Set up an ntp time synchronization server in Linux

Enable NTP time server in CentOS 6.3

This article permanently updates the link address: