In association with heise online

19 May 2009, 11:08

Buffer Overflow in ntpd time protocol service


A buffer overflow in ntpd, the open source implementation of the Network Time Protocol, can allow an attacker to remotely crash or compromise a system. The problem is caused by the use of the unsafe C function sprintf in crypto_recv in ntpd/ntp_crypto.c, and manipulated server responses can provoke the overflow. The attack only works if ntpd is run with OpenSSL support and with Autokey enabled. According to US-CERT, this vulnerable configuration is indicated by an entry of the form "crypto pw password" in the ntp.conf file, where password is the configured password.

Updating to ntp 4.2.4p7 fixes the error. This updated version of the NTP daemon also fixes a buffer overflow in ntpq, the NTP query daemon. US-CERT lists this fault in ntpd as confirmed by Debian, Red Hat and FreeBSD. New packages are available, but not yet distributed, and other manufacturers are probably affected. An alternative to updating is to switch off the Autokey function by removing the crypto pw line from ntp.conf.
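The configuration check and the workaround described above can be scripted. The following is an added example, not code from the article, US-CERT or the NTP project: it finds active crypto pw lines in an ntp.conf, reports them with the password redacted, and produces a copy of the file with those lines removed. The sample file, the function names and the case-insensitive keyword matching are assumptions made for illustration.

```python
# Constructed sample ntp.conf (not from a real host); both passwords are made up.
SAMPLE_CONF = """\
# /etc/ntp.conf (constructed sample)
driftfile /var/lib/ntp/ntp.drift
server ntp1.example.net autokey
#crypto pw oldsecret
  crypto pw s3cret-example   # Autokey host password
restrict default kod nomodify notrap
"""

def _active_tokens(line):
    """Tokens of a line with any '#' comment stripped (empty for comment lines)."""
    return line.split("#", 1)[0].split()

def is_crypto_pw(line):
    """True for an active 'crypto' directive that has a 'pw' option with a value.

    Assumption: keywords are matched case-insensitively so that unusual
    spellings are flagged rather than missed.
    """
    tokens = [t.lower() for t in _active_tokens(line)]
    return len(tokens) >= 3 and tokens[0] == "crypto" and "pw" in tokens[1:-1]

def find_autokey_lines(conf_text):
    """Return (line_number, redacted_line) for each active crypto pw line."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        if is_crypto_pw(line):
            tokens = _active_tokens(line)
            idx = [t.lower() for t in tokens].index("pw", 1)
            tokens[idx + 1] = "<redacted>"  # never echo the Autokey password
            hits.append((number, " ".join(tokens)))
    return hits

def without_autokey(conf_text):
    """Return the configuration with every active crypto pw line removed."""
    kept = [l for l in conf_text.splitlines() if not is_crypto_pw(l)]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for number, line in find_autokey_lines(SAMPLE_CONF):
        print(f"Autokey enabled, line {number}: {line}")
    print(without_autokey(SAMPLE_CONF), end="")
```

Lines that are already commented out are left untouched, and ntpd has to be restarted before a changed ntp.conf takes effect.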
