Bug 19316 - ntp installation ships with default password enabled
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ntp
Version: 7.0
Hardware: All Linux
high
medium
Assignee: Preston Brown
Keywords: Security
Reported: 2000-10-18 13:16 UTC by David Woodhouse
Modified: 2008-05-01 15:37 UTC (History)
Last Closed: 2000-10-18 14:28:49 UTC

Description David Woodhouse 2000-10-18 13:16:44 UTC
Even though /etc/ntp.conf has the line

#keys /etc/ntp/keys 

...commented out, and says:
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.

... ntpd appears to use the default keys file anyway, allowing anyone to
connect to a default RH7 install using the default passwords for keys 1 and
65535. 

Also, bugzilla really ought to have 'ntp' listed, not 'xntp3'.

Comment 1 Jeff Johnson 2000-10-18 13:56:24 UTC
All these values are commented out, and there's already a GREAT BIG WARNING.

Comment 2 Alan Cox 2000-10-18 14:03:08 UTC
Guess again.

Comment 3 David Woodhouse 2000-10-18 14:19:28 UTC
If I didn't work for RHAT my next response would be to post to BugTraq.

The line is commented out in /etc/ntp.conf, yes - as I explicitly mentioned in
my original report. But ntpd uses the keys in /etc/ntp/keys _anyway_.

Did you actually bother to _try_ connecting to a default RH7 installation?



Comment 4 Jeff Johnson 2000-10-18 14:24:18 UTC
'Twasn't a guess:

From /etc/ntp.conf:
#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.
#
#keys           /etc/ntp/keys
#trustedkey     65535
#requestkey    65535
#controlkey     65535

bash$ rpm -q ntp
ntp-4.0.99j-j
bash$ rpm -V ntp
.......T c /etc/ntp.conf
..?..... c /etc/ntp/keys

The T is from editing out the one line change to add a ntp server.


Comment 5 Jeff Johnson 2000-10-18 14:26:26 UTC
Ah, I've misread the report. Off to figger what's up with ntp ...

Comment 6 Jeff Johnson 2000-10-18 14:26:55 UTC
Ah, I've misread the report. Off to figger what's up with ntp ...

Comment 7 David Woodhouse 2000-10-18 14:28:47 UTC
For fuck's sake.

passion /home/dwmw2 # tail /etc/ntp.conf 
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.
#
#keys		/etc/ntp/keys
#trustedkey	65535
#requestkey	65535
#controlkey	65535
passion /home/dwmw2 # cat /etc/ntp/keys 
65535	M	akey
1	M	pass
passion /home/dwmw2 # rpm -V ntp
S.5....T c /etc/ntp.conf
passion /home/dwmw2 # ntpdc `hostname`
ntpdc> addpeer 1.2.3.4
Keyid: 65535
MD5 Password: 
done!
ntpdc> 


Comment 8 Jeff Johnson 2000-10-19 18:04:27 UTC
This is "fixed" in ntp-4.0.99k-2 by
1) commenting out everything in /etc/ntp/keys, no default keys are provided at all.
2) removing the startup of ntpd with -A. This breaks anonymous multicast delivery, but that can't be helped.
3) adding comments about -A in both ntp.conf and ntp/keys.

A real "fix" will involve adding some public key crypto based on (perhaps) host certificates, and/or enabling the new-fangled autokey functionality available in 4.0.99k, but it's too soon to attempt this effort.
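
An audit for hosts that may still carry the shipped keys file, as an added example that is not part of the bug report or the ntp package: it reads the keys file directly instead of trusting the commented-out `keys` line in ntp.conf, and flags the two default entries listed in Comment 7. The function name, output labels and exit codes are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the bug report. It inspects the keys file itself,
# since on the affected package a commented-out "keys" line in ntp.conf did
# not stop ntpd from honouring the entries.

# audit_ntp_keys [FILE]   (FILE defaults to the path shown in the report)
# Prints one finding per line. Exit status:
#   0 no active keys, 1 active keys, 2 shipped default key present, 3 unreadable
audit_ntp_keys() {
    keyfile=${1:-/etc/ntp/keys}
    [ -r "$keyfile" ] || { echo "UNREADABLE $keyfile" >&2; return 3; }
    # ntp.conf asks for mode 600: report any group/other permission bits.
    perms=$(ls -ldL "$keyfile" | cut -c5-10)
    [ "$perms" = "------" ] || echo "MODE group/other bits set: $perms"
    worst=0
    # The "|| [ -n ... ]" part keeps a final line that lacks a trailing newline.
    while read -r id type secret rest || [ -n "$id" ]; do
        case $id in ''|'#'*) continue ;; esac   # blank line or comment
        case "$id $type $secret" in
            '65535 M akey'|'1 M pass')          # entries listed in Comment 7
                echo "DEFAULT keyid=$id"; worst=2 ;;
            *)
                echo "ACTIVE keyid=$id"
                if [ "$worst" -lt 1 ]; then worst=1; fi ;;
        esac
    done < "$keyfile"
    return "$worst"
}

# Constructed sample reproducing the keys file contents shown in Comment 7.
sample=$(mktemp)
printf '65535\tM\takey\n1\tM\tpass\n' > "$sample"
audit_ntp_keys "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

A keys file treated as in item 1 of Comment 8 (every entry commented out) yields exit status 0.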

