Bug 1811627 (CVE-2020-13817)
| Summary: | CVE-2020-13817 ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | carnil, gwync, huzaifas, linville, mlichvar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ntp-4.2.8p14, ntp-4.3.100 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use this flaw to modify the victim's clock by a limited amount or cause ntpd to exit.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-06-23 17:20:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1811628, 1813787, 1841821 | ||
| Bug Blocks: | 1811629 | ||
|
Description
Michael Kaplan
2020-03-09 11:21:19 UTC
Created ntp tracking bugs for this issue: Affects: fedora-all [bug 1811628] External References: http://support.ntp.org/bin/view/Main/NtpBug3596 Mitigation: 1. Have enough trustworthy sources of time. 2. If you are serving time to a possibly hostile network, have your system get its time from other than unauthenticated IPv4 over the hostile network. 3. Use NTP packet authentication where appropriate. 4. Pay attention to error messages logged by ntpd. 5. Monitor your ntpd instances. If the pstats command of ntpq shows the value for "bogus origin" is increasing then that association is likely under attack. 6. If you must get unauthenticated time over IPv4 on a hostile network, Use restrict ... noserve to prevent this attack (note that this is a heavy-handed protection), which blocks time service to the specified network. Statement: All versions of ntp package shipped with Red Hat Enterprise Linux are affected by this flaw. However several mitigations exists, please refer to the mitigation section for more details. Huzaifa, is CVE-2020-13816 a typo here and should it be CVE-2020-13817? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13817 references the http://support.ntp.org/bin/view/Main/NtpBug3596 and https://bugs.ntp.org/show_bug.cgi?id=3596 whilst CVE-2020-13816 is yet RESERVED. In reply to comment #12: > Huzaifa, is CVE-2020-13816 a typo here and should it be CVE-2020-13817? > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13817 references the > http://support.ntp.org/bin/view/Main/NtpBug3596 and > https://bugs.ntp.org/show_bug.cgi?id=3596 whilst CVE-2020-13816 is yet > RESERVED. i guess so, fixed now This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2663 https://access.redhat.com/errata/RHSA-2020:2663 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-13817 |