A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publicly released that could allow anyone to crash a server with just a single maliciously crafted packet.
The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and improvements.
The NTP daemon is used in almost every device that needs to synchronize time on computer clocks. NTP got the most attention in late 2014 and 2015 when hackers used it to launch highly amplified DDoS attacks against services.
The flaw, which affects NTP.org's ntpd versions prior to 4.2.8p9, but not including ntp-4.3.94, was discovered by security researcher Magnus Stubman, who privately disclosed it to the Network Time Foundation on June 24.
A patch for the vulnerability was developed and sent to Stubman on 29 September, and just two days later the researcher confirmed that it mitigated the issue. He has now gone public with the disclosure.
"The vulnerability allows unauthenticated users to crash ntpd with a single malformed UDP packet, which causes a null pointer dereference," Stubman wrote in an advisory published Monday.
Stubman also released a PoC exploit that can crash the NTP daemon and create a denial-of-service (DoS) condition. The issue only affects Windows.
Besides Stubman's high-severity vulnerability, the latest NTP update also addresses two medium-severity bugs, two medium-low-severity bugs and five low-severity security issues, plus 28 bug fixes and other improvements over 4.2.8p8.
Another major bug is a trap-crash vulnerability reported by Cisco's Matthew Van Gundy.
"If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service," reads the advisory.
CERT at the Software Engineering Institute at Carnegie Mellon University has also released the full list of the vulnerabilities in NTP and fixes. It also listed some vendors that implement NTP and could be affected by the bugs.
Since the exploit for the severe bug is available to the public, administrators are strongly recommended to patch their NTP implementations as soon as possible.
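Because NTP's version scheme carries a trailing "p" patch level, a plain string comparison misranks releases (for example "4.2.8p10" sorts below "4.2.8p9"). The following added example, which is not part of the original article, parses ntpd version banners and applies the affected range stated above (older than 4.2.8p9, with the 4.3 development branch fixed at 4.3.94); the sample banners are constructed, and the function names are this example's own.

```python
import re

# Fixed releases named in the advisory: stable 4.2.8p9, development 4.3.94.
FIXED_STABLE = (4, 2, 8, 9)
FIXED_DEVEL = (4, 3, 94, 0)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(banner: str) -> tuple:
    """Extract (major, minor, release, patch) from an ntpd version banner.

    Comparing tuples of integers avoids the lexical trap where
    '4.2.8p10' would rank below '4.2.8p9'. A missing 'pN' is treated as p0.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no NTP version found in {banner!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_vulnerable(banner: str) -> bool:
    """Return True if the reported version predates the fixed releases.

    Development builds (4.3.x) were fixed in 4.3.94; every other version is
    flagged if it is older than 4.2.8p9. Caveat: distribution packages often
    backport fixes without changing the upstream version string, so a True
    result means 'check the vendor advisory', not 'confirmed unpatched'.
    """
    v = parse_ntp_version(banner)
    if v[:2] == (4, 3):
        return v < FIXED_DEVEL
    return v < FIXED_STABLE


if __name__ == "__main__":
    # Constructed sample banners in the shape of `ntpd --version` output.
    for banner in ("ntpd 4.2.8p8@1.3265-o", "ntpd 4.2.8p9@1.3265-o",
                   "ntpd 4.2.8p10@1.3728-o", "ntpd 4.3.93", "ntpd 4.3.94",
                   "ntpd 4.2.6p5@1.2349-o"):
        print(f"{banner:28s} vulnerable={is_vulnerable(banner)}")
```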
In the past, we have seen hackers abusing NTP servers by sending small spoofed UDP packets to a vulnerable server that request a significant amount of data (megabytes worth of traffic) to be sent to the DDoS target's IP address.
An NTP amplification DDoS attack exceeding 400 Gbps was carried out against content-delivery and anti-DDoS protection firm CloudFlare, and volumetric DDoS attacks exceeding 100 Gbps hit popular gaming services, including League of Legends, EA.com, and Blizzard's Battle.net, in 2014.
In a study conducted by Arbor Networks in late 2013, researchers illustrated the effectiveness of NTP amplification attacks, which are large and efficient enough to take any large server offline because they reflect 1,000 times the size of the initial query back to the target.
from The Hacker News http://ift.tt/2gjsNOb