The panic_gate check in NTP prior to 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote malicious users to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 21 |
||
fedoraproject fedora 22 |
||
suse linux enterprise desktop 12 |
||
suse linux enterprise server 12 |
||
suse linux enterprise server 11 |
||
suse linux enterprise server 10 |
||
opensuse leap 42.1 |
||
suse openstack cloud 5 |
||
suse linux enterprise debuginfo 11 |
||
suse manager proxy 2.1 |
||
suse manager 2.1 |
||
suse suse linux enterprise server 12 |
||
suse linux enterprise software development kit 12 |
||
opensuse opensuse 13.2 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux hpc node 7.0 |
||
redhat enterprise linux hpc node eus 7.1 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux hpc node 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux server eus 6.7.z |
||
redhat enterprise linux server eus 7.1 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 14.04 |
||
ntp ntp |
Get rid of ntpdate, patch ntpd, says security researcher
Time-based two-factor authentication tokens, and plug-ins that use them, are only as good as your time signal, and in the right (wrong) circumstances, they can be brute-forced. Security researcher Gabor Szathmari says the problem is that if your 2FA tokens depend on the network time protocol (NTP), it's too easy for a sysadmin to put together an attackable implementation. As he explains in two posts here (the background) and here (proof of concept), if an attacker can trick NTP, they can mount a...