December 22, 2014

Threat Update | Network Time Protocol Vulnerabilities

Network Time Protocol (NTP) is used to synchronize time between systems. Keeping time synchronized is important to the operation of systems and to the logging of information between them. There are multiple vulnerabilities in NTP versions prior to 4.2.8. These vulnerabilities could allow an attacker to run software with the privileges of the NTP software.

It is recommended that versions of NTP software be upgraded to 4.2.8 or greater.

Advisories

The following advisories have been published:

  • ICSA-14-353-01: Network Time Protocol Vulnerabilities
  • CVE-2014-9293: Insufficient Entropy
  • CVE-2014-9294: Use of Cryptographically Weak PRNG
  • CVE-2014-9295: Stack-Based Buffer Overflows
  • CVE-2014-9296: Missing Return of Error

Monitoring Changes

For the timeservers on the network, we are developing additional correlation rules to track the number of NTP connections and to watch for a change in that number.
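
One way to express the correlation rule described above, as an added example that is not Herjavec Group's own rule: it counts connections to port 123 per timeserver in fixed windows and flags a window that departs from the median of earlier windows. The flow record format, the 300-second window, the 3x threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

NTP_PORT = 123
WINDOW = 300  # bucket width in seconds (assumed value)

def connection_counts(lines, window=WINDOW):
    """Count flows to port 123 per timeserver per time bucket.
    Record format (constructed): "<epoch> <src_ip> <dst_ip> <dst_port>"."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue  # skip malformed records
        ts, dst, port = int(parts[0]), parts[2], int(parts[3])
        if port == NTP_PORT:
            counts[dst][ts - ts % window] += 1
    return counts

def flag_changes(counts, window=WINDOW, min_history=3, factor=3.0):
    """Return (server, bucket, count, baseline) for each bucket whose count is
    more than `factor` times above or below the median of earlier buckets."""
    alerts = []
    for server, buckets in counts.items():
        # Fill empty buckets with 0 so a drop to no traffic is also seen.
        series = [(b, buckets.get(b, 0))
                  for b in range(min(buckets), max(buckets) + window, window)]
        for i, (bucket, n) in enumerate(series):
            history = [c for _, c in series[:i]]
            if len(history) < min_history:
                continue  # not enough data for a baseline yet
            base = median(history)
            if n > base * factor or n * factor < base:
                alerts.append((server, bucket, n, base))
    return alerts

def sample_flows(t0=1419206400):
    """Constructed sample: steady load, a spike, a silent window, recovery."""
    per_window = [10, 10, 10, 10, 10, 60, 0, 10]
    lines = [f"{t0 + w * WINDOW + k} 192.0.2.{k + 1} 10.0.0.5 123"
             for w, n in enumerate(per_window) for k in range(n)]
    lines.append(f"{t0} 192.0.2.9 10.0.0.5 53")  # not NTP, ignored
    lines.append("garbled record")                # malformed, skipped
    return lines

if __name__ == "__main__":
    for server, bucket, n, base in flag_changes(connection_counts(sample_flows())):
        print(f"{server} window={bucket} connections={n} baseline={base}")
```

Using the median of earlier windows keeps a single spike from inflating the baseline, so the following silent window is still flagged as a change.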

Remediation Actions

Review the scanning results for NTP servers active on the network.

Ensure versions of NTP are upgraded to version 4.2.8 or greater, or that NTP fixes provided by vendors are applied.

References

Network Time Protocol Advisory

List of systems affected



