Redhat.comRH:CVE-2020-13817CVE-2020-13817
EPSS
Percentile
93.5%
A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victimβs ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use this flaw to modify the victimβs clock by a limited amount or cause ntpd to exit.
Mitigation
1. Have enough trustworthy sources of time.
2. If you are serving time to a possibly hostile network, have your system get its time from other than unauthenticated IPv4 over the hostile network.
3. Use NTP packet authentication where appropriate.
4. Pay attention to error messages logged by ntpd.
5. Monitor your ntpd instances. If the pstats command of ntpq shows the value for "bogus origin" is increasing then that association is likely under attack.
6. If you must get unauthenticated time over IPv4 on a hostile network, Use restrict β¦ noserve to prevent this attack (note that this is a heavy-handed protection), which blocks time service to the specified network.
Related
