In association with heise online

01 August 2012, 17:39

Bogus leap second disrupts Linux systems

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit


During the night of 31 July to 1 August, various servers that provide time information via NTP (Network Time Protocol) incorrectly announced that clients should apply a leap second. On Tuesday evening, Marco Marongiu pointed to this issue on one of the NTP project's mailing lists. Now, reports from users whose systems applied a leap second at 00:00 Coordinated Universal Time (UTC) – 2am CET – can be found in places such as a Mythtv forum, on Twitter, on Google+ and on the NTP project's mailing lists.

Unlike at the previous turn of the month, no leap second was scheduled to be applied last night. Occasionally added at the end of June or December, such extra seconds are introduced to ensure that Coordinated Universal Time never deviates from UT1 astronomical time by more than 0.9 seconds; this is designed to keep clock time close to the time of day (i.e. the actual position of the sun).

It is as yet unclear why various NTP servers announced that a leap second would be added last night; in a posting on one of the NTP project's mailing lists, Marco Marongiu speculated that it could have been a "rather imaginative" Denial of Service (DoS) attack on a global scale.

If this is the case, the attack probably targeted badly maintained Linux computers. A month ago, the real leap second triggered a bug in the Linux kernel that crashed numerous Linux systems; some were even disrupted to such an extent that the processor ended up working under full load, wasting power until the system was rebooted or an administrator intervened. The kernel developers analysed the problem and fixed it during the development of Linux 3.5; shortly afterwards, the corrections were incorporated into Linux kernel versions 3.0.38, 3.2.24 and 3.4.6, which were all released in the second half of July. Although various Linux distributors also deployed a kernel update to fix the cause of the problem, many systems are probably still running vulnerable Linux kernels.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit