NTP (Network TIme Protocol) contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset.
NTP (Network Time Protocol) is a method by which client machines can synchronize the local date and time with a reference server. The server will miscalculate the offset reply, if it receives a request from an NTP client containing a date that is more or less than 34 years of the server's date.
This offset is a 64-bit value, with 32 bits representing whole seconds, and 32 bits representing fractions of a second . The 34-year limit is imposed by the use of a 32-bit signed integer.
The NTP server performs a series of calculations, accounting for transmission delay and computing time, resulting in a value which represents the difference between the NTP server time and the requesting machine's time.
The packet sent back to the client is a date/time offset, which is then used to update the client's date/time.
Clients making requests of an NTP server and supplying a date/time that is more than 34 years in the future (or past) from the NTP server date/time will receive an incorrect date/time offset from the server, resulting in an incorrect date/time on the client.
There is no known impact to the NTP server.
NTPd Version 4 resolves this issue.
Vendor| Status| Date Notified| Date Updated
NTP.org| | -| 05 Mar 2004
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to David L. Mills of NTP.org for reporting this vulnerability.
This document was written by Robert D Hanson.