The NTP service process has fixed a major security vulnerability. Please upgrade it as soon as possible.

The NTP service process has fixed a major security vulnerability. Please upgrade it as soon as possible.

US-CERT disclosed that a large number of security defects have been found in ntpd recently. Ntpd is a service process of Network Time Protocol NTP. Most servers and devices use it to process time-related tasks.

Although there are multiple NTP service processes, we generally refer to NTP.org's ntpd service process, which is also the version used by most servers and devices. In January and April of this year, it fixed two large numbers of security vulnerabilities.

According to Cisco, some vulnerabilities may cause DoS attacks or even skip the authentication process. Cisco is a member of the Linux Foundation Core Infrastructure Plan (Linux Foundation Core Infrastructure Initiative) responsible for promoting the Security Evaluation of NTP.

Because various smart devices require time-related functions, many devices adopt the NTP protocol and NTP.org service processes to ensure the system clock synchronization is consistent.

The security problems found in this Protocol are very serious, as this can easily cause damage to attackers.

NTP-access to various networks

Two weeks ago, two security researchers discovered security defects in the NTP service process. They have developed a vulnerability verification program for network attacks and used it to simulate NTP communication, the notorious 1970 vulnerability can be exploited to make iOS devices brick!

In addition to this vulnerability, Web security vendors also know that the NTP protocol is also one of the most common DDoS attacks.

US-CERT invites website administrators and system administrators to pay attention to this issue and install the latest patches. The organization has listed up to 75 vendors affected by security vulnerabilities in NTP.org's ntpd service process, including Apple, Cisco, Google, VMWare, and other famous vendors.

Administrators should upgrade their device firmware and server software to the latest version (4.2.8p7) as soon as possible ).

CentOS NTP server installation and configuration

NTP servers in Linux

NTP client configurations for multiple operating systems

Build an enterprise-level NTP Time Server

Set up an ntp time synchronization server in Linux

Enable NTP time server in CentOS 6.3

This article permanently updates the link address: