Serious NTP security holes have appeared and are being exploited

A network time protocol security hole has been discovered and there are reports that exploits already exist for it and are being used in attacks.

Yes, I know, you're a hardworking system or network administrator and you want to go home for the holidays. Too bad, so sad. ISC-CERT is reporting that several major network time protocol (NTP) security holes have been uncovered and that there are already public exploits in the wild.

The NTP exploit clock is ticking and you don't have much time left.
You need to fix it. Now.

NTP is used across the Internet to set the clocks of essentially all connected computers. Worse still, NTP can be used easily in "reflection attacks" to initiate distributed denial of service (DDoS) attacks. Indeed, one of the worst DDoS attacks of all time came from an NTP breach. Many other DDoS attacks in recent months have sprung from NTP vulnerabilities.

These security holes, according to ISC-CERT, are of the worst possible kind. They can be exploited remotely and exploits are already publicly available. Adding insult to injury, ISC-CERT added, "An attacker with a low skill would be able to exploit these vulnerabilities."


All NTP Version 4 releases, prior to Version 4.2.8, are vulnerable and need to be updated to Version 4.2.8. Unfortunately, the NTP site, as of 5 PM Eastern time, has been going up and down. It's not clear if this is the result of heavy demand, a DDoS attack, or some other unrelated cause.

According to Dennis Fisher at ThreatPost, before the NTP site went down, the NTP advisory stated that a single packet would be enough to exploit NTP's vulnerabilities.

Further, "A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process."

Since patches may not be available from the NTP site at this time, I strongly urge you to approach your operating system vendor for NTP 4.2.8. While the patch was issued only a few hours ago, operating system vendors, such as Red Hat, are already working on releasing polished patches.
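To triage an inventory against the "prior to Version 4.2.8" rule above, here is an added example that is not part of the original article. It assumes you have already collected each host's ntpd version banner (for instance from `ntpd --version` or `ntpq -c rv`); the hostnames and banners in the sample are constructed.

```python
import re

FIXED = (4, 2, 8)  # first fixed upstream release named in the article

# Matches the upstream version token, e.g. "4.2.6p5", "4.2.7p476", "4.2.8".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(banner):
    """Return (major, minor, point, patch) from a banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, point, patch = m.groups()
    return (int(major), int(minor), int(point), int(patch or 0))


def classify(banner):
    """Classify one banner against the 'NTP 4 prior to 4.2.8' rule."""
    v = parse_ntp_version(banner)
    if v is None:
        return "unknown"          # unparsable: needs a manual look
    if v[0] != 4:
        return "out-of-scope"     # the article only speaks about Version 4
    if v[:3] < FIXED:
        return "update-required"  # includes 4.2.7pNNN development builds
    return "ok"


def triage(inventory):
    """Map host -> status for a dict of host -> version banner."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "edge-gw-01": "ntpd 4.2.6p5@1.2349-o Tue Oct 14 10:12:01 UTC 2014 (1)",
    "db-02": "ntpd 4.2.7p476",
    "app-03": "ntpd 4.2.8@1.3265-o",
    "lab-04": "ntpd 4.2.8p1",
    "cam-05": "ntpd (version string stripped)",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {status}")
```

Distribution packages often carry backported fixes under an older upstream version string, so treat `update-required` on a vendor build as a prompt to check that vendor's advisory rather than as proof of exposure.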

In any case, plan on making a night of it. This is a serious bug and it's almost a sure bet that it will be used by hackers to launch DDoS attacks over the weekend.
