61566 – dateconfig provides unsecure configuration for ntpd

Bug 61566 - dateconfig provides unsecure configuration for ntpd

Summary: dateconfig provides unsecure configuration for ntpd

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	ntp
Sub Component:
Version:	7.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Brent Fox
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-03-21 16:30 UTC by Benjamin Shrom
Modified:	2008-05-01 15:38 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2002-03-25 16:36:49 UTC
Embargoed:

Attachments	(Terms of Use)

Description Benjamin Shrom 2002-03-21 16:30:04 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)

Description of problem:
dateconfig provides unsecure configuration for ntpd, which allows 
use of ntpdc from any other host to reconfigure ntpd

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Preconditions: installed NTP and Dataconfig packages.
2.Use dateconfig to configure ntp (enter time server information)
3.Start ntpd
4.Connect to ntpd from "malicious" host to your host.
(>ntpdc your.host.com)
5.Add peer/server (ntpdc>addserver malicious.server.com)
6.For key enter any number (for ex: 1)
7.For password enter any password (for ex: dkdk)
8.Review ntpd configuration (ntpdc>peers)
9.Unconfigure correct timeserver: (ntpdc>unconfig time.server.com)
10.Review ntpd configuration (ntpdc>peers)
	

Actual Results:  Time will be synchronized to the malicious time server.

Expected Results:  User should not be able to change configuration ntpd from 
other hosts,unless allowed to.

Additional info:

Comment 1 Brent Fox 2002-03-21 17:29:20 UTC

Well, dateconfig just modifies the ntp.conf file and then calls 'service ntpd
start'.  The behavior you are describing is caused by ntpdc (which is part of
the NTP RPM), not dateconfig.  Changing component of the bug report to 'ntp'.

Comment 2 Harald Hoyer 2002-03-25 10:33:58 UTC

As reported:   
   
_dateconfig_ provides _unsecure_ configuration for ntpd, which allows the use of
ntpdc from any other host to reconfigure ntpd.   
   
This means: you can modify the timeserver remotly!!!!

Comment 3 Harald Hoyer 2002-03-25 16:36:43 UTC

I think 
authenticate yes 
would be the best answer

Comment 4 Brent Fox 2002-03-27 21:04:37 UTC

Ok, I've modified dateconfig to only change the 'server' line in your ntp.conf
file.  The dateconfig in Rawhide (
ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/dateconfig-0.7.5-2.i386.rpm)
does the right thing.

If you have already set up an insecure configuration of ntp (or if the default
ntp configuration is insecure) then dateconfig will not change that value. 
Dateconfig will only change the name of the server in the file.

Comment 5 Brent Fox 2002-03-28 16:04:24 UTC

Correction: 
ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/dateconfig-0.7.5-3.i386.rpm

Not dateconfig-0.7.5-2.i386.rpm.

Typo on my part.

Comment 6 Brent Fox 2002-03-28 16:06:29 UTC

dateconfig-0.7.5-3 is available for IA-64 as well at:

ftp://ftp.redhat.com/pub/redhat/linux/rawhide/ia64/RedHat/RPMS/

Note You need to log in before you can comment on or make changes to this bug.