Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability

2015-04-08T16:41:16
ID CISCO-SA-20150408-CVE-2015-1799
Type cisco
Reporter Cisco
Modified 2015-07-23T12:35:31

Description

A vulnerability in authentication code of ntpd could allow an unauthenticated, remote attacker to inject NTP state variables without knowledge of the NTP keys.

The vulnerability is due to invalid processing of the NTP packets when authentication fails. An attacker could exploit this vulnerability by periodically sending NTP packets with set NTP state variables. A successful exploit could allow the attacker to disrupt communication between NTP hosts, preventing synchronization.

A vulnerability in ntpd could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.

The vulnerability is due to improper processing of Network Time Protocol (NTP) packets when handling symmetric key authentication failures. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack to periodically transmit crafted NTP packets with set NTP state variables. An exploit could allow the attacker to disrupt communication between NTP hosts, preventing synchronization and leading to a DoS condition for legitimate users.

NTP.org has confirmed this vulnerability in a security advisory and released software updates.

To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.

An attacker may attempt to perform a man-in-the-middle attack to send crafted packets to the targeted device in an attempt to exploit this vulnerability.

Reports indicate that systems that are configured to use the symmetric key authentication mechanism are affected.