Eight NTP vulnerabilities are detected during network time synchronization.

Eight NTP vulnerabilities are detected during network time synchronization.

Recently, Cisco researchers found eight security vulnerabilities in the Network Time Protocol (NTP). Currently, Linux, Mac, and BSD operating systems are using this Protocol. The time when these vulnerabilities were discovered happened to be the time Michael J. Fox traveled in the movie "back to future 2.

One of the eight Security Vulnerabilities allows hackers to manipulate the target clock, and the affected people believe that they have crossed the Future (it is a bit of an story ).

These vulnerabilities affect the NTP protocol daemon, which is a protocol for synchronizing time in the entire computer network (the computer network here can be the Internet, Intranet, or a smaller LAN ).

These vulnerabilities contain a logic error that allows hackers to bypass certificates and modify the local system time; memory crash: Enable protocol-caused buffer overflow or use (use-after-free) attacks; destroy the daemon or enable it to enter an endless loop, resulting in DoS status; directory traversal and file overwrite, allows hackers to overwrite NTPD configurations.

NTP 4.2.5p186 to 4.2.8p3 versions are affected. However, the NTP protocol developer released a new version yesterday to fix the above problems.

CentOS NTP server installation and configuration

NTP servers in Linux

NTP client configurations for multiple operating systems

Build an enterprise-level NTP Time Server

Set up an ntp time synchronization server in Linux

Enable NTP time server in CentOS 6.3

This article permanently updates the link address: