Talos Vulnerability Report
Network Time Protocol Remote Configuration Denial of Service Vulnerability
Oct 21, 2015
An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a malicious configuration file to trigger this vulnerability.
When sending a remote configuration file, an attacker can enable extended logging via the logconfig=allall setting. An attacker can also set the keys file when specifying this remote configuration. If the attacker sets the keys file to be the log file, the key parsing will go into an endless loop. NTP logs an invalid key error during parsing, then parses that newly logged line as a key and logs the error again, continuing in an infinite loop.
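A configuration check for the condition described above, where the keys file and the log file turn out to be the same file. This is an added example, not part of the Talos report or of the NTP code base; the function names are hypothetical, the handling of the `keys` and `logfile` directives is simplified, and any paths passed to it are the caller's own.

```python
import os
import shlex


def parse_directives(conf_text):
    """Collect every path given to the 'keys' and 'logfile' directives."""
    found = {"keys": [], "logfile": []}
    for line in conf_text.splitlines():
        try:
            # comments=True drops '#' comments; quoting is honoured for paths.
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quote: skip the line rather than guess
        if len(tokens) >= 2 and tokens[0] in found:
            found[tokens[0]].append(tokens[1])
    return found


def same_target(path_a, path_b):
    """True if both paths name one file, via symlinks or hard links too."""
    if os.path.realpath(path_a) == os.path.realpath(path_b):
        return True
    try:
        # Compares device and inode, which also catches hard links.
        return os.path.samefile(path_a, path_b)
    except OSError:
        return False  # at least one path does not exist yet


def audit(conf_text):
    """Return (keys_path, logfile_path) pairs that point at the same file."""
    d = parse_directives(conf_text)
    return [(k, l) for k in d["keys"] for l in d["logfile"]
            if same_target(k, l)]
```

Comparing resolved paths and inodes rather than raw strings matters here, because a symlink or hard link gives the two directives different names for one file.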
Discovered by Yves Younan of Cisco Talos.