As per upstream NTP security advisory: If no 'auth' key is set in the configuration file, ntpd would generate a random key on the fly. There were two problems with this: 1) the generated key was 31 bits in size, and 2) it used the (now weak) ntp_random() function, which was seeded with a 32-bit value and could only provide 32 bits of entropy. This was sufficient back in the late 1990s when the code was written. Not today. Mitigation: Upgrade to 4.2.7p11 or later. This vulnerability was noticed in ntp-4.2.6 by Neel Mehta of the Google Security Team.
Upstream mentions the issue was fixed in 4.2.7p11. The following commit from between 4.2.7p10 and 4.2.7p11 seems to remove automatic auth key generation among other changes. Commit message does not mention removal of the code at all:

http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw

Upstream change to the NEWS file with details quoted in comment 0:

http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=5493dc3dofY6drKJde9W-5O1M3s4eg
Upstream bug: http://bugs.ntp.org/show_bug.cgi?id=2665
External References:

https://access.redhat.com/articles/1305723
http://support.ntp.org/bin/view/Main/SecurityNotice#Weak_default_key_in_config_auth
Created ntp tracking bugs for this issue: Affects: fedora-all [bug 1176191]
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:2025 https://rhn.redhat.com/errata/RHSA-2014-2025.html
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:2024 https://rhn.redhat.com/errata/RHSA-2014-2024.html
ntp-4.2.6p5-19.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
ntp-4.2.6p5-25.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
ntp-4.2.6p5-13.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Blog post from the original reporter, which mentions how this issue can help with exploitation of another issue (CVE-2014-9295, bug 1176037): http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html
Mitigation:

Issue these commands to explicitly generate a strong key and add it to the ntpd configuration:

echo trustedkey 65535 >> /etc/ntp.conf
printf "65535\tM\t%s\n" $(tr -cd a-zA-Z0-9 < /dev/urandom | head -c 16) >> /etc/ntp/keys

The generated key has about 95 bits of entropy.
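An idempotent form of the mitigation commands above, as an added example that is not part of the original bug comments: it skips the append when key 65535 is already configured, so running it twice does not leave duplicate entries. The function names and the path arguments are assumptions made for this example; the key id and the keys-file format follow the mitigation comment.

```shell
#!/bin/sh
# Added example, not code from the bug report or from ntp upstream.
# Function names and the optional path arguments are hypothetical; the key id
# and the "ID<TAB>M<TAB>KEY" line format are taken from the mitigation above.

KEY_ID=65535

# Print a 16-character alphanumeric key drawn from /dev/urandom.
gen_ntp_key() {
    # LC_ALL=C makes tr treat the input as raw bytes. Reading a bounded
    # 1024 bytes yields about 248 usable characters on average.
    key=$(head -c 1024 /dev/urandom | LC_ALL=C tr -cd 'a-zA-Z0-9' | head -c 16)
    # Refuse to hand back a short key if the filter left too few characters.
    [ "${#key}" -eq 16 ] || return 1
    printf '%s\n' "$key"
}

# Add a key entry and a matching trustedkey line unless already present.
# $1 = ntpd configuration file, $2 = keys file (defaults as in the comment).
apply_ntp_key_mitigation() {
    conf=${1:-/etc/ntp.conf}
    keys=${2:-/etc/ntp/keys}

    # If the keys file does not exist yet, create it readable by owner only
    # (an assumption of this example; an existing file's mode is untouched).
    [ -e "$keys" ] || ( umask 077 && : > "$keys" ) || return 1

    # Append a key line only when no entry for KEY_ID exists.
    if ! grep -Eq "^[[:space:]]*${KEY_ID}[[:space:]]" "$keys"; then
        key=$(gen_ntp_key) || return 1
        printf '%s\tM\t%s\n' "$KEY_ID" "$key" >> "$keys"
    fi

    # Append the trustedkey line only when KEY_ID is not already trusted.
    if ! grep -E '^[[:space:]]*trustedkey[[:space:]]' "$conf" 2>/dev/null |
            grep -qw "$KEY_ID"; then
        echo "trustedkey ${KEY_ID}" >> "$conf"
    fi
}
```

Passing two scratch file paths as arguments exercises the function without touching /etc.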
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only

Via RHSA-2015:0104 https://rhn.redhat.com/errata/RHSA-2015-0104.html