Monday, November 21, 2016

Patch your ntpd servers

With so much depending on correct time (Kerberos ticket validation, certificate lifetimes, log correlation), NTP is an important but often forgotten component of your network.  Because ntpd is lightweight and is usually set up once and then left alone, it gets very little attention, even though it runs on almost every Unix-like host and network appliance, so a bug in it is a bug in a very common service.

But a new bug has been found in ntpd: CVE-2016-7434, a null pointer dereference that lets a single crafted packet crash the daemon remotely, with no authentication.  To make things more interesting, a trivial proof of concept exploit is already available.  The fix shipped in ntp-4.2.8p9; the advisory and the exploit are linked here.

At Rendition Infosec we always recommend that clients apply the latest patches.  But in this case that may not be possible.  ntpd runs on many embedded products, and on many of them it cannot be patched.  Some network appliances have fallen out of vendor support, and other vendors may simply be slow to provide a fix.  In those cases, restricting who can reach NTP may be your only recourse.  The crashing packet is a crafted mode 6 control query (the kind ntpq sends, here an mrulist request), not an ordinary time request, so two layers help: a `restrict default ... noquery` line in ntp.conf, which refuses ntpq/ntpdc control queries while still serving time, and firewall rules that admit UDP/123 only from known peers and clients.  Keep in mind that NTP is UDP, so an address allow-list can be spoofed; anti-spoofing filtering at your network edge (BCP 38) is part of the mitigation, not optional polish.  If your network isn't architected for defense in depth, now is a good time to consider what changes you can make today that will make defense tomorrow easier.
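As an added example (not code from the original post or from the NTP project), the script below does the two checks a practitioner wants at this point: it decides whether an `ntpd --version` string predates 4.2.8p9, the first release with the CVE-2016-7434 fix, and it prints the ntp.conf `restrict` lines that refuse control queries from everyone except networks you name. It assumes the version line format `ntpd 4.2.8p8@1.3265-o ...` that ntpd prints, treats a version with no `pN` suffix as p0, and ignores the 4.3.x development train; the version string in the demo run is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: is this ntpd older than the CVE-2016-7434 fix (4.2.8p9),
# and what restrict lines limit exposure when it cannot be patched?

# Pull "4.2.8p8" out of an "ntpd --version" line such as
# "ntpd 4.2.8p8@1.3265-o Tue Jun  7 08:03:12 UTC 2016 (1)"; a bare
# version string is accepted too.
ntpd_version_string() {
    for field in $1; do
        case $field in
            [0-9]*) printf '%s\n' "${field%%@*}"; return 0 ;;
        esac
    done
    return 1
}

# Turn "4.2.8p8" into a sortable integer: 4 2 8 8 -> 4020808.
# A version without a "pN" suffix ("4.2.8") counts as p0.
ntpd_version_key() {
    v=$1
    case $v in
        *.*.*) ;;
        *) return 1 ;;                      # need major.minor.patch
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%p*}
    plevel=${rest#*p}
    [ "$plevel" = "$rest" ] && plevel=0     # no "pN" part
    case "$major$minor$patch$plevel" in
        ''|*[!0-9]*) return 1 ;;            # not a version we understand
    esac
    echo $((major * 1000000 + minor * 10000 + patch * 100 + plevel))
}

# Exit 0 if the version is older than 4.2.8p9 (needs the patch),
# 1 if it is 4.2.8p9 or newer, 2 if the string could not be parsed.
ntpd_needs_patch() {
    v=$(ntpd_version_string "$1") || return 2
    key=$(ntpd_version_key "$v") || return 2
    fixed=$(ntpd_version_key "4.2.8p9")
    [ "$key" -lt "$fixed" ]
}

# Print ntp.conf restrict lines: serve time to everyone but refuse ntpq/ntpdc
# control queries (noquery) and remote reconfiguration (nomodify) by default,
# allow localhost to query for monitoring, and let each "address mask" pair
# given as arguments query and sync without modifying the server.
ntp_restrict_config() {
    cat <<'EOF'
# default: time service only, no mode 6/7 control queries
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# local monitoring
restrict 127.0.0.1
restrict ::1
EOF
    while [ $# -ge 2 ]; do
        printf 'restrict %s mask %s nomodify notrap nopeer\n' "$1" "$2"
        shift 2
    done
}

# Demo run on a constructed version line (replace with "$(ntpd --version 2>&1)"
# on a real host). 10.0.0.0/8 stands in for a management network.
demo_line="ntpd 4.2.8p8@1.3265-o Tue Jun  7 08:03:12 UTC 2016 (1)"
if ntpd_needs_patch "$demo_line"; then
    echo "ntpd predates 4.2.8p9: patch it, or apply these restrictions:"
    ntp_restrict_config 10.0.0.0 255.0.0.0
fi
```

The `restrict` allow-list is matched on the packet's source address, so it narrows exposure to the networks you trust; it does not stop a spoofed packet from one of those addresses, which is why the firewall rules and BCP 38 filtering mentioned above still matter.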
