Vulnerability alert: Google security researchers discover new vulnerabilities in NTP, the Network Time Protocol

ID MYHACK58:62201457201
Type myhack58
Reporter Anonymous
Modified 2014-12-22T00:00:00


Google security researchers recently discovered several new, serious vulnerabilities in NTP, the Network Time Protocol. Versions prior to NTP 4.2.8 are affected, and an attacker can exploit these vulnerabilities to launch remote attacks.

Versions prior to NTP 4.2.8 are affected

NTP is a protocol used to synchronize time between computer systems on a network.

Versions prior to NTP 4.2.8 are affected by these vulnerabilities. More seriously, researchers have found real attack cases in the wild, along with corresponding exploit programs (EXP). This series of NTP vulnerabilities includes remote buffer overflows and other serious problems, which attackers can use to easily compromise servers running old versions of the NTP service.


The exploit program (EXP) is already circulating underground

The advisory from ICS-CERT, the industrial control emergency response center, says:

“Google security team members Neel Mehta and Stephen Roettger have worked with CERT/CC on collaborative research into multiple NTP vulnerabilities. Since NTP is widely used in industrial control systems, NCCIC/ICS-CERT is giving early warning to US critical infrastructure asset managers and customers, and hopes to find fixes or mitigation measures soon.”

The vulnerability can be exploited remotely, and the exploit program (EXP) is also widely circulated on the underground black market. An attacker need only send a single packet to overflow an NTP buffer and thereby execute malicious code, and finally escalate the system privileges of the ntpd process.

Past attacks that exploited NTP vulnerabilities

In previous attacks, attackers often used NTP vulnerabilities to carry out DDoS attacks; for example, Christmas 2013 saw a series of NTP reflection DDoS attacks.

NTP uses UDP port 123 and includes a module named monlist. An NTP server that receives a monlist request can return up to 100 response packets. An attacker therefore forges the victim host's IP address and sends monlist requests to NTP servers across the network; the NTP servers then return large numbers of packets to the victim host, causing network congestion. This is a typical distributed reflection denial of service (DRDoS) attack.
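The following detector is an added example, not part of the original advisory. It picks monlist traffic out of captured UDP port 123 payloads and reports hosts that receive far more monlist data than they requested. The mode 7 header layout and request codes 20 and 42 come from ntpd's `ntp_request.h`; the addresses, payload sizes and the `min_ratio` threshold are constructed for illustration.

```python
import struct
from collections import Counter

MODE_PRIVATE = 7              # NTP mode 7: ntpdc private requests
MON_GETLIST = {20, 42}        # REQ_MON_GETLIST, REQ_MON_GETLIST_1 (ntp_request.h)

def classify(payload: bytes):
    """Return 'request' or 'response' for a monlist packet, else None."""
    if len(payload) < 8:      # mode 7 header is 8 bytes
        return None
    first, _seq, _impl, code = struct.unpack_from("!BBBB", payload)
    if first & 0x07 != MODE_PRIVATE or code not in MON_GETLIST:
        return None
    return "response" if first & 0x80 else "request"   # top bit = response

def reflection_report(packets, min_ratio=10):
    """packets: (src_ip, dst_ip, udp_payload) tuples seen on UDP port 123.
    Flags hosts receiving far more monlist bytes than they asked for."""
    asked, got_bytes, got_pkts = Counter(), Counter(), Counter()
    for src, dst, payload in packets:
        kind = classify(payload)
        if kind == "request":
            asked[src] += len(payload)       # src may be forged
        elif kind == "response":
            got_bytes[dst] += len(payload)
            got_pkts[dst] += 1
    report = {}
    for host, total in got_bytes.items():
        ratio = total / max(asked[host], 1)  # no request seen -> treat as 1 byte
        if ratio >= min_ratio:
            report[host] = {"response_packets": got_pkts[host],
                            "amplification": round(ratio, 1)}
    return report

# Constructed sample capture (documentation addresses, not real traffic).
VICTIM, SERVER, CLIENT = "192.0.2.10", "198.51.100.5", "203.0.113.7"
REQ = bytes([0x17, 0, 3, 42]) + bytes(4)            # mode 7 request header
RESP = bytes([0xD7, 0, 3, 42]) + bytes(4 + 6 * 72)  # response carrying 6 entries
TIME_QUERY = bytes([0x23]) + bytes(47)              # ordinary mode 3 client packet
SAMPLE = [(CLIENT, SERVER, TIME_QUERY), (VICTIM, SERVER, REQ)]
SAMPLE += [(SERVER, VICTIM, RESP)] * 100

if __name__ == "__main__":
    print(reflection_report(SAMPLE))
```

Run at the NTP server, the forged request is visible and the ratio reflects the true amplification; run at the victim's edge, no request is seen, so any sizeable monlist response volume is flagged.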
