Bug 61566

Summary: dateconfig provides unsecure configuration for ntpd
Product: [Retired] Red Hat Linux
Reporter: Benjamin Shrom <benjamin_shrom>
Component: ntp
Assignee: Brent Fox <bfox>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 7.2
CC: benjamin_shrom
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2002-03-25 16:36:49 UTC

Description Benjamin Shrom 2002-03-21 16:30:04 UTC

Description of problem:
dateconfig provides unsecure configuration for ntpd, which allows 
use of ntpdc from any other host to reconfigure ntpd

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Preconditions: installed NTP and dateconfig packages.
2. Use dateconfig to configure ntp (enter time server information)
3. Start ntpd
4. Connect to ntpd from "malicious" host to your host.
   (>ntpdc your.host.com)
5. Add peer/server (ntpdc>addserver malicious.server.com)
6. For key enter any number (for ex: 1)
7. For password enter any password (for ex: dkdk)
8. Review ntpd configuration (ntpdc>peers)
9. Unconfigure correct timeserver: (ntpdc>unconfig time.server.com)
10. Review ntpd configuration (ntpdc>peers)

Actual Results:  Time will be synchronized to the malicious time server.

Expected Results:  User should not be able to change the ntpd configuration from
other hosts, unless allowed to.

Additional info:

Comment 1 Brent Fox 2002-03-21 17:29:20 UTC
Well, dateconfig just modifies the ntp.conf file and then calls 'service ntpd
start'.  The behavior you are describing is caused by ntpdc (which is part of
the NTP RPM), not dateconfig.  Changing component of the bug report to 'ntp'.


Comment 2 Harald Hoyer 2002-03-25 10:33:58 UTC
As reported:

_dateconfig_ provides _unsecure_ configuration for ntpd, which allows the use of
ntpdc from any other host to reconfigure ntpd.

This means: you can modify the timeserver remotely!!!!

Comment 3 Harald Hoyer 2002-03-25 16:36:43 UTC
I think 'authenticate yes' would be the best answer


Comment 4 Brent Fox 2002-03-27 21:04:37 UTC
Ok, I've modified dateconfig to only change the 'server' line in your ntp.conf
file.  The dateconfig in Rawhide
(ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/dateconfig-0.7.5-2.i386.rpm)
does the right thing.

If you have already set up an insecure configuration of ntp (or if the default
ntp configuration is insecure) then dateconfig will not change that value. 
Dateconfig will only change the name of the server in the file.
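Since dateconfig now leaves the rest of ntp.conf alone, the operator still has to check that the file itself blocks unauthenticated remote reconfiguration. The following added example (not code from this bug report or from dateconfig) audits an ntp.conf for the 'authenticate yes' directive proposed in Comment 3 and for a default 'restrict ... nomodify' line; the restrict check is an assumption about standard ntp.conf syntax that this thread does not mention, and both sample configurations are constructed.

```python
# Constructed sample: a server-only ntp.conf of the kind this thread describes,
# with nothing limiting who may send ntpd runtime-configuration requests.
WEAK_CONF = """\
server time.server.com
driftfile /etc/ntp/drift
"""

# Constructed hardened counterpart: 'authenticate yes' as Comment 3 suggests,
# plus a default restrict line denying modification requests (an assumption
# about standard ntp.conf syntax; the bug thread itself does not mention it).
HARDENED_CONF = """\
server time.server.com
driftfile /etc/ntp/drift
authenticate yes
restrict default nomodify noquery notrap
restrict 127.0.0.1
"""

def parse_ntp_conf(text):
    """Return (keyword, [args]) tuples, skipping blank lines and '#' comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            words = line.split()
            entries.append((words[0].lower(), words[1:]))
    return entries

def audit_ntp_conf(text):
    """List findings that mean any host could reconfigure ntpd without a key."""
    entries = parse_ntp_conf(text)
    findings = []
    if not any(k == "authenticate" and a[:1] == ["yes"] for k, a in entries):
        findings.append("no 'authenticate yes': configuration requests need no key")
    default_restricts = [a for k, a in entries if k == "restrict" and a[:1] == ["default"]]
    if not any("nomodify" in a for a in default_restricts):
        findings.append("no 'restrict default ... nomodify': any host may send modify requests")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or ["ok"])
```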


Comment 5 Brent Fox 2002-03-28 16:04:24 UTC
Correction: 
ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/dateconfig-0.7.5-3.i386.rpm

Not dateconfig-0.7.5-2.i386.rpm.

Typo on my part.

Comment 6 Brent Fox 2002-03-28 16:06:29 UTC
dateconfig-0.7.5-3 is available for IA-64 as well at:

ftp://ftp.redhat.com/pub/redhat/linux/rawhide/ia64/RedHat/RPMS/