Threat Update | Network Time Protocol Vulnerabilities

December 22, 2014

Network Time Protocol (NTP) is used to synchronize time between systems. Keeping time synchronized is important in the operation and logging information between systems. There are multiple vulnerabilities in NTP in versions prior to 4.2.8. These vulnerabilities could allow an attacker to run software with privileges of the NTP software.

It is recommended that versions of NTP software be upgraded to 4.2.8 or greater.


The following advisories have been published:

  • ICSA-14-353-01: Network Time Protocol Vulnerabilities
  • CVE-2014-9293: Insufficient Entropy
  • CVE-2014-9294: Use of Cryptographically Weak PNRG
  • CVE-2014-9295: Stack-Based Buffer Overflows
  • CVE-2014-9296: Missing Return of Error

Monitoring Changes

For the timeservers on the network, we are developing additional correlation rules to track the number of NTP connections and watching for a change in the number of connections.

Remediation Actions

Review the scanning results for NTP servers active on the network.

Ensure versions of NTP are upgraded to version 4.2.8 or greater, or NTP fixes provide by vendors.

About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn