The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use any of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294)

A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)

All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
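
A configuration check for the two key-related issues above (CVE-2014-9293 and CVE-2014-9294), added here as an example; it is not part of the advisory or of any vendor tooling. It assumes the standard ntp.conf directives `keys` and `requestkey` and the `id type secret` keys-file layout, and the sample file contents are constructed.

```python
"""Audit ntp.conf and an NTP keys file for the key issues in this advisory."""

# Constructed sample inputs (not taken from the advisory or a real host).
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
keys /etc/ntp/keys
trustedkey 1 2
#requestkey 1
controlkey 2
"""
SAMPLE_KEYS = """\
# id type secret
1 MD5 exampleSecretOne  # MD5 key
2 M exampleSecretTwo
3 SHA1 0123456789abcdef0123456789abcdef01234567
"""


def audit_conf(conf_text):
    """Report whether ntpd must fall back to a self-generated request key."""
    seen = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if fields:
            seen[fields[0].lower()] = fields[1:]
    request = seen.get("requestkey") or [None]
    return {
        "keys_file": (seen.get("keys") or [None])[0],
        "requestkey": request[0],
        # CVE-2014-9293 precondition: no ntpdc request key configured.
        "auto_generated_request_key": request[0] is None,
    }


def md5_key_ids(keys_text):
    """Return IDs of MD5-type keys ('M' or 'MD5'), the CVE-2014-9294 review list."""
    ids = []
    for line in keys_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].isdigit() and parts[1].upper() in ("M", "MD5"):
            ids.append(int(parts[0]))
    return ids


if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
    print("MD5 keys to review:", md5_key_ids(SAMPLE_KEYS))
```

The script cannot tell how a key was produced, so the returned IDs are only the set to compare against keys you know were created with ntp-keygen.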