Bug 1274184 (CVE-2015-7705) - CVE-2015-7705 ntp: denial of service by trigerring rate limiting on NTP server
Summary: CVE-2015-7705 ntp: denial of service by trigerring rate limiting on NTP server
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-7705
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20151021,repor...
Depends On: 1296166
Blocks: 1260670
TreeView+ depends on / blocked
 
Reported: 2015-10-22 08:16 UTC by Martin Prpič
Modified: 2019-08-15 05:43 UTC (History)
6 users (show)

Fixed In Version: ntp 4.2.8p4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-07 13:32:23 UTC


Attachments (Terms of Use)

Description Martin Prpič 2015-10-22 08:16:59 UTC
A flaw was found in the way NTP handled rate limiting. An attacker able to send a large number of crafted requests to an NTP server could trigger the rate limiting on that server, and prevent clients from getting a usable reply from the server.

The default NTP configuration in Red Hat Enterprise Linux does not enable rate limiting.

External References:

https://www.cs.bu.edu/~goldbe/NTPattack.html

Comment 4 Martin Prpič 2016-01-06 13:57:24 UTC
Created ntp tracking bugs for this issue:

Affects: fedora-all [bug 1296166]

Comment 6 Martin Prpič 2016-01-07 13:32:23 UTC
While mitigating this particular issue by adding a log message into the log files, the upstream fix may have inadvertently introduced a new issue that could fill up all log files.

The correct fix for this issue is randomized response rate limiting. However, implementing this issue would radically change the way limiting works in NTP and could potentially break other application's functionality relying on this feature currently.

An additional, less intrusive fix for this issue may be developed at a later time and included in later releases of Red Hat Enterprise Linux.

Rate limiting is by default disabled in the ntp packages shipped in Red Hat Enterprise Linux. To specifically disable rate limiting, use the following workaround.

Mitigation:

Do not add the "limited" configuration option to any restrict lines in the ntp.conf file.


Note You need to log in before you can comment on or make changes to this bug.