Threat Update | Network Time Protocol Vulnerabilities
December 22, 2014
Network Time Protocol (NTP) is used to synchronize time between systems. Keeping time synchronized is important for the operation of systems and for logging information between them. There are multiple vulnerabilities in NTP versions prior to 4.2.8. These vulnerabilities could allow an attacker to run software with the privileges of the NTP software.
It is recommended that versions of NTP software be upgraded to 4.2.8 or greater.
Advisories
The following advisories have been published:
- ICSA-14-353-01: Network Time Protocol Vulnerabilities
- CVE-2014-9293: Insufficient Entropy
- CVE-2014-9294: Use of Cryptographically Weak PRNG
- CVE-2014-9295: Stack-Based Buffer Overflows
- CVE-2014-9296: Missing Return of Error
Monitoring Changes
For the timeservers on the network, we are developing additional correlation rules to track the number of NTP connections and watch for a change in that number.
Remediation Actions
Review the scanning results for NTP servers active on the network.
Ensure versions of NTP are upgraded to version 4.2.8 or greater, or that NTP fixes provided by vendors are applied.
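The two remediation steps can be combined into a triage pass over scan results. The following is an added example, not part of the original advisory: it assumes the scan yields a host and an ntpd version banner per row, and the function names and sample rows are constructed for illustration.

```python
import re

# First fixed release named in this advisory, as (major, minor, point, patch).
FIXED = (4, 2, 8, 0)

# ntpd versions look like "4.2.6p5" or "4.2.8"; the pN patch suffix is optional.
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

def parse_ntp_version(banner):
    """Return (major, minor, point, patch), or None if no version is present."""
    m = _VER.search(banner)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(scan_rows):
    """Classify (host, banner) rows as 'upgrade', 'ok' or 'unknown'."""
    result = {}
    for host, banner in scan_rows:
        ver = parse_ntp_version(banner)
        if ver is None:
            # Banner suppressed or unparseable: needs a manual check.
            result[host] = "unknown"
        elif ver < FIXED:
            result[host] = "upgrade"
        else:
            result[host] = "ok"
    return result

# Constructed sample scan rows (documentation address range, made-up banners).
SAMPLE_SCAN = [
    ("192.0.2.5", "ntpd 4.2.6p5@1.2349-o Tue May 10 2011"),
    ("192.0.2.6", "ntpd 4.2.8p1@1.3265-o"),
    ("192.0.2.7", "ntpd 4.2.7p26"),
    ("192.0.2.8", "ntpd 4.2.8"),
    ("192.0.2.9", "version hidden"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_SCAN).items():
        print(host, status)
```

A host marked `upgrade` may still carry a vendor-supplied fix under an older version number, so confirm against the vendor's package advisory before treating it as unpatched.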