Synchronise your watches before someone exploits DDoS bug, or nine other nasties
The maintainers of the Network Time Protocol daemon (ntpd) have pushed out a patch for ten security vulnerabilities.
Leading the fixfest is a trap-crash turned up by Cisco’s Matthew Van Gundy.
If ntpd is configured with the trap service enabled, a malformed packet causes a null pointer dereference and crashes it.
A Windows bug fixed in ntpd version ntp-4.2.8p9 is triggered by an oversized UDP packet, and its discoverer, Magnus Stubman, has posted proof-of-concept code here.
CERT’s full list of the vulnerabilities and fixes is here.
The NTP daemon is ubiquitous, and while it gets the most attention when attackers use it for DDoS attacks (such as in late 2013 when it was deployed against Battle.net, League of Legends and Steam), pretty much any ‘net-facing server is running it, and is therefore potentially vulnerable to the latest brace of bugs. ®