This article is more than 1 year old

Dangerous NTP hole ruins your Chrissy lunch

Sysadmins: Down beers and patch now!

Critical holes have been reported in the implementation of the network time protocol (NTP) that could allow unsophisticated attackers root access on servers.

System administrators may need to forego the Christmas beers and roasted beasts until they've updated NTP daemons running versions 4.2.8 and below.

The grinch bug was announced by the US Industrial Control Systems Emergency Response Team, which received news of the hole from Google security researchers.

"Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code with the privileges of the ntpd process," the agency said in an advisory.

"An attacker with a low skill would be able to exploit these vulnerabilities.

"Exploits that target these vulnerabilities are publicly available."

Google's Neel Mehta and Stephen Roettger reported two serious and four "less-serious" bugs which were patched in 4.2.8 released 18 December.

These included weak default keys, weak random number generator seeds, and buffer overflows.

Admins should backup operational industrial control system configurations and test the patch prior to deployment, the computer emergency response team urged.

It's also advisable to harden systems by minimising network exposure, including by shoving remote devices and - where applicable - control system networks behind firewalls and into isolated zones. ®

More about


Send us news

Other stories you might like