NTP BUG 3043: Autokey association reset
Last update: June 27, 2022 20:45 UTC (51d68a4aa)
Summary
Description
An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a CRYPTO_NAK
or a bad MAC and cause the association’s peer variables to be cleared. If this can be done often enough, it will prevent that association from working.
Mitigation
Credit
This weakness was discovered by Miroslav Lichvar of Red Hat.
Timeline