Threat Update | Network Time Protocol Vulnerabilities

December 22, 2014

Network Time Protocol (NTP) is used to synchronize time between systems. Keeping time synchronized is important for system operation and for logging information between systems. There are multiple vulnerabilities in NTP versions prior to 4.2.8. These vulnerabilities could allow an attacker to run software with the privileges of the NTP software.

It is recommended that versions of NTP software be upgraded to 4.2.8 or greater.

Advisories

The following advisories have been published:

  • ICSA-14-353-01: Network Time Protocol Vulnerabilities
  • CVE-2014-9293: Insufficient Entropy
  • CVE-2014-9294: Use of Cryptographically Weak PRNG
  • CVE-2014-9295: Stack-Based Buffer Overflows
  • CVE-2014-9296: Missing Return of Error

Monitoring Changes

For the timeservers on the network, we are developing additional correlation rules to track the number of NTP connections and watch for a change in that number.

Remediation Actions

Review the scanning results for NTP servers active on the network.

Ensure versions of NTP are upgraded to version 4.2.8 or greater, or that NTP fixes provided by vendors are applied.
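
One way to triage scan results against the 4.2.8 threshold, as an added example that is not part of the original advisory. It assumes the scanner export is one tab-separated `host<TAB>version` line per server; the function names, hosts and version strings are constructed for illustration.

```python
import re

FIXED = (4, 2, 8)  # first fixed release named in the advisory
# Matches e.g. "4.2.6p5" or "4.2.8"; the optional pN suffix is a patch level.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\b")

def classify(version_string):
    """Return 'ok', 'upgrade' or 'unknown' for one reported version string."""
    m = VERSION_RE.search(version_string)
    if not m:
        return "unknown"  # no version disclosed: needs manual review
    # Compare as integer tuples so that 4.10.0 sorts above 4.2.8.
    release = tuple(int(x) for x in m.group(1, 2, 3))
    # 'upgrade' means: upgrade, or confirm that a vendor fix is installed.
    return "ok" if release >= FIXED else "upgrade"

def triage(scan_lines):
    """Map each 'host<TAB>version' line to (host, version, status)."""
    results = []
    for line in scan_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, banner = line.partition("\t")
        results.append((host, banner, classify(banner)))
    return results

# Constructed sample input (documentation addresses, invented version strings).
SAMPLE = """\
# host\tversion
192.0.2.10\tntpd 4.2.6p5@1.2349-o
192.0.2.11\tntpd 4.2.8p1
192.0.2.12\tntpd 4.2.7p444
192.0.2.13\t
192.0.2.14\tntpd 4.2.8
""".splitlines()

if __name__ == "__main__":
    for host, banner, status in triage(SAMPLE):
        print(f"{host:<14} {status:<8} {banner or '(no version reported)'}")
```

Hosts reported as `unknown` did not disclose a version and need to be checked directly on the system.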

