​Serious NTP security holes have appeared and are being exploited

A network time protocol security hole has been discovered and there are reports that exploits already exist for it and are being used in attacks.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Yes, I know, you're a hardworking system or network administrator and you want to go home for the holidays. Too bad, so sad. ISC-CERT is reporting that several major network time protocol (NTP) security holes have been uncovered and that there are already public exploits in the wild.

The NTP exploit clock is ticking and you don't have much time left.
You need to fix it. Now.

NTP is used across the Internet to set the clocks of essentially all connected computer clocks. Worse still, NTP can be used easily in "reflection attacks" to initiate distributed denial of service (DDoS) attacks. Indeed, one of the worse DDoS attacks of all time came from an NTP breach. Many other DDoS attacks in recent months have sprung from NTP vulnerabilities.

These security holes, according to ISC-CERT, are of the worst possible kind. They can be exploited remotely and exploits are already publicly available. Adding insult to injury, ISC-CERT added, "An attacker with a low skill would be able to exploit these vulnerabilities."

All NTP Version 4 releases, prior to Version 4.2.8, are vulnerable and need to be updated to Version 4.2.8. Unfortunately, the NTP site, as of 5 PM Eastern time, has been going up and down. It's not clear if this is the result of heavy demand, a DDoS attack, or some other unrelated cause.

According to Dennis Fisher at ThreatPost, before the NTP site went down, the NTP advisory stated that a single packet would be enough to exploit NTP's vulnerabilities.

Further, "A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process."

Since patches may not be available from the NTP site at this time, I strongly urge you to approach your operating system vendor for NTP 4.2.8. While the patch was issued only a few hours ago, operating system vendors, such as Red Hat are already working on releasing polished patches.

In any case, plan of making a night of it. This is a serious bug and it's almost a sure bet that it will be used by hackers to launch DDoS attacks over the weekend

Related Stories:

Editorial standards