Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability

2015-04-08T17:05:12
ID CISCO-SA-20150408-CVE-2015-1798
Type cisco
Reporter Cisco
Modified 2015-07-23T12:35:37

Description

A vulnerability in the Network Time Protocol (NTP) daemon could allow an unauthenticated, adjacent attacker to bypass authentication mechanisms and access an affected system.

The vulnerability is due to incorrect validation of the message authentication code (MAC) field. An attacker could exploit this vulnerability by sending unauthenticated NTP packets to an NTP host that is configured with symmetric key authentication. An exploit could allow the attacker to inject NTP packets to the NTP host without knowing the NTP symmetric key.

NTP.org has released a security notice and software updates to address the vulnerability.

To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted packets to the affected system. This access requirement limits the likelihood of a successful exploit.

The vulnerability is exploitable only on an application that is configured with the symmetric key authentication mechanism. Authentication using autokey is not affected.

A vulnerability in the message authentication code (MAC) validation routine of ntpd could allow an unauthenticated, remote attacker to bypass the NTP authentication feature.

The vulnerability is due to incorrect validation of the MAC field. An attacker could exploit this vulnerability by sending unauthenticated NTP packets to an NTP host that is configured with symmetric key authentication. An exploit could allow the attacker to inject NTP packets to the NTP host without knowing the NTP symmetric key.
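For reference, a fail-closed check of the symmetric-key MAC field described above, written as an added example; it is not code from ntpd, NTP.org or Cisco. It assumes the standard NTP symmetric-key layout (a 4-byte key ID followed by an MD5 or SHA-1 digest over the secret and the 48-byte header, no extension fields); the key table, sample header and function names are hypothetical.

```python
import hashlib
import hmac

HEADER_LEN = 48                          # fixed NTP header; extension fields not handled here
KEY_ID_LEN = 4                           # 32-bit key identifier that precedes the digest
DIGEST_ALGOS = {16: "md5", 20: "sha1"}   # digest length -> algorithm

# Constructed sample data (hypothetical key table and packet header, not real keys).
KEYS = {7: ("md5", b"constructed-sample-secret")}
SAMPLE_HEADER = bytes([0x23]) + bytes(HEADER_LEN - 1)   # LI=0, VN=4, mode=3


def make_mac(header, key_id, keys=KEYS):
    """Build the trailer: key ID followed by digest(secret || header)."""
    algo, secret = keys[key_id]
    return key_id.to_bytes(KEY_ID_LEN, "big") + hashlib.new(algo, secret + header).digest()


def verify_packet(packet, keys=KEYS):
    """Return (accepted, reason); every path except a matching digest rejects."""
    if len(packet) < HEADER_LEN:
        return False, "short header"
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not trailer:
        return False, "no MAC"
    digest = trailer[KEY_ID_LEN:]
    if len(digest) not in DIGEST_ALGOS:
        return False, "bad MAC length"
    key_id = int.from_bytes(trailer[:KEY_ID_LEN], "big")
    if key_id not in keys:
        return False, "unknown key"
    algo, secret = keys[key_id]
    if DIGEST_ALGOS[len(digest)] != algo:
        return False, "algorithm mismatch"
    expected = hashlib.new(algo, secret + header).digest()
    if not hmac.compare_digest(expected, digest):   # constant-time comparison
        return False, "bad digest"
    return True, "authenticated"


if __name__ == "__main__":
    good = SAMPLE_HEADER + make_mac(SAMPLE_HEADER, 7)
    for name, pkt in [("valid", good), ("header only", SAMPLE_HEADER),
                      ("key ID only", good[:HEADER_LEN + KEY_ID_LEN]),
                      ("tampered", good[:-1] + bytes([good[-1] ^ 1]))]:
        print(name, verify_packet(pkt))
```

The check applies to associations configured for symmetric key authentication, where a packet without a complete, matching MAC must never be treated as authenticated.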