NTP BUG 3012(p12 update): Sybil vulnerability: ephemeral association attack
Last update: June 28, 2022 20:06 UTC (57417e17c)
14 Aug 2018
While fixed in ntp-4.2.8p7 and with significant additional protections for this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in the new noepeer support. Refer to CVE-2016-1549 for additional info.
All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.94.
Resolved in 4.2.8p11. Improved in 4.2.8p12 and 4.3.94.
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time, a malicious authenticated peer – i.e. one where the attacker knows the private symmetric key – can create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim’s clock. Two additional protections are offered in ntp-4.2.8p11. One is the noepeer directive, which disables symmetric passive ephemeral peering. The other extends the functionality of the 4th field in the ntp.keys file to include specifying a subnet range.
- Implement BCP-38.
- Upgrade to 4.2.8p12 or later.
- Use the noepeer directive to prohibit symmetric passive ephemeral associations.
- Use the ippeerlimit directive to limit the number of peer associations from an IP.
- Use the 4th argument in the ntp.keys file to limit the IPs and subnets that can be time servers.
- Properly monitor your
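As an added example (not code from ntp.org), the following audit helper checks a configuration against the mitigations above: it parses the optional 4th field of ntp.keys (assumed layout `keyno type key [ip,ip/prefix,...]`, as introduced in p6 and extended to subnets in p11) to decide whether a given source IP may use a key to serve time, and it reports whether `noepeer` and a non-negative `ippeerlimit` are present on the `restrict default` line. The sample files and key values are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample ntp.keys: key 1 has no 4th field (any key holder may serve time),
# key 2 is restricted to one host and one subnet. Key values are placeholders.
SAMPLE_KEYS = """\
# keyno type key             trusted sources (optional 4th field)
1 MD5 placeholderkey1
2 MD5 placeholderkey2 192.0.2.10,198.51.100.0/24
"""
# Constructed ntp.conf restrict lines: before and after applying the p11 protections.
SAMPLE_CONF_WEAK = "restrict default kod nomodify notrap nopeer noquery\n"
SAMPLE_CONF_HARDENED = (
    "restrict default kod nomodify notrap nopeer noquery noepeer ippeerlimit 1\n"
)


def parse_keys(text):
    """Return {keyno: [ip_network, ...] or None}; None means no 4th field (any IP)."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed ntp.keys line: {raw!r}")
        nets = None
        if len(fields) >= 4:
            # Each entry is a bare IP or IP/prefix; strict=False accepts host bits set.
            nets = [ipaddress.ip_network(e, strict=False) for e in fields[3].split(",")]
        keys[int(fields[0])] = nets
    return keys


def key_allows(keys, keyno, source_ip):
    """True if an authenticated packet from source_ip may use keyno as a time source."""
    nets = keys[keyno]
    if nets is None:
        return True  # unrestricted key: the Sybil-prone configuration described above
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in nets)


def missing_restrict_flags(conf_text):
    """List which of noepeer / ippeerlimit are absent from the 'restrict default' line."""
    for line in conf_text.splitlines():
        if line.strip().startswith("restrict default"):
            missing = []
            if "noepeer" not in line.split():
                missing.append("noepeer")
            m = re.search(r"\bippeerlimit\s+(-?\d+)\b", line)
            if m is None or int(m.group(1)) < 0:  # -1 means unlimited, so treat as missing
                missing.append("ippeerlimit")
            return missing
    return ["noepeer", "ippeerlimit"]  # no restrict default line at all
```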
This weakness was originally discovered by Matthew Van Gundy of Cisco ASIG. The edge-case hole in the noepeer processing was reported by Martin Burnicki of Meinberg.