Network Time Protocol flaws defy HTTPS, cause network chaos

Serious flaws have been discovered in NTP which can be exploited to cause wholesale destruction on a network -- because of a clock.


Network admins take note: A set of vulnerabilities can bypass HTPPS with ease and result in spying, outages and authentication bypass.

Discovered on Wednesday by Cisco's security intelligence and research group Talos, the critical bugs are found within the Network Time Protocol (NTP), designed to synchronize the clocks of computers over a network. Developed before 1985, the protocol is one of the oldest still in use.

In a blog post documenting the find, Talos said a logic error within the Network Time Protocol daemon (NTPD), the operating system behind the protocol, could allow attackers to bypass authentication procedures and effectively grant them the keys to a network kingdom.

The error lies within NTPD's handling of certain crypto-NAK packets -- unauthenticated packets -- which results in vulnerabilities that give attackers the chance to force NTPD processes to link to malicious time sources and change network clocks.

In most configurations, NTPD decides which other daemons to peer with through controls specified by admins within the ntp.conf configuration file. However, NTP can create peer associations on the fly -- as long as a packet received has been authenticated under a trusted key.

When a vulnerable NTPD such as version 4.2.8p3 handles a data packet, this peerage bypasses authentication protocols and can let attackers in. As explained by the security researchers:

"An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off­-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto­-NAK packets to ntpd.

This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time."

Together with seven other NTP vulnerabilities ranging from memory corruption flaws to integer overflow read access violations and denial-of-service vulnerabilities, attackers taking advantage of these flaws could result in a number of problems for network administrators.

According to Talos, by maliciously changing system times, an attacker could authenticate through expired passwords and accounts, cause TLS clients to accept expired and revoked certificates -- as well as reject those which are currently valid -- and circumvent modern security structures such as certificate pinning and HTTPS.

In addition, an attacker could deny service rights to authentication systems, force caching systems such as DNS to flush their results, resulting in network performance meltdowns, and damage the systems themselves internally. All by changing a clock.

All ntp-4 stable releases from 4.2.5p186 through 4.2.8p3 appear to be vulnerable, but upgrading to ntp-4.2.8p4 fixes these problems. Until then, the best defence is to use firewall software to stop malicious traffic in its tracks.

Read on: Top picks

Show Comments