Talos Vulnerability Report

TALOS-2015-0055

Network Time Protocol Remote Configuration Denial of Service Vulnerability

Oct 21, 2015
Description

An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability.

Tested Versions

ntp 4.2.8p2

Product URLs

http://www.ntp.org

Details

When sending a remote configuration file, an attacker can enable extended logging via the logconfig=allall setting. An attacker can also set the keys file when specifying this remote configuration. If the attacker sets the keys file to be the log file, the key parsing will go into an endless loop. NTP will log an invalid key in parsing, and will then subsequently parse that line as a key and again log the error, continuing in an infinite loop.

Credit

Discovered by Yves Younan of Cisco Talos.