NTP Remote Code Execution Exploits Are Spreading

Google security experts have identified vulnerabilities in NTP (Network Time Protocol), a protocol that’s used to synchronize the time on servers across networks. And the researchers warn that there are exploits publicly available for those vulnerabilities.

The vulnerabilities are present in all versions of NTP prior to 4.2.8.

Attackers are using those vulnerabilities to amplify DDoS attacks against target systems. Gary Sockrider from Arbor solutions said, “The reason has to do with the amplification factor with NTP reflection attacks, you get 1000 times the amplification; 1000 times the size of the query is reflected back. There’s more cause for alarm with NTP attacks because attackers get a better response rate.”

Threatpost said in a blog post, "On a technical level, NTP amplification attacks are slightly simpler to pull off because attackers require fewer servers and get a greater return for their abuse."

Attackers are able to query NTP servers for traffic counts using the victim’s spoofed source address. The response is much larger than the original request, and with enough vulnerable NTP servers returning responses, a website and/or its services are quickly overrun with traffic.
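The pattern described above leaves a recognizable trace at the victim's network edge: large UDP responses from port 123 arriving from many servers with no matching requests sent. The following detection sketch is an added example, not part of the original post; the flow-record tuple layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed sample flow records (documentation address ranges, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # Ordinary client: one request, one response of the same size.
    ("192.0.2.20", 51000, "198.51.100.1", 123, "udp", 76),
    ("198.51.100.1", 123, "192.0.2.20", 51000, "udp", 76),
    # Host polling three servers; responses match requests in size.
    ("192.0.2.30", 123, "198.51.100.1", 123, "udp", 76),
    ("198.51.100.1", 123, "192.0.2.30", 123, "udp", 76),
    ("192.0.2.30", 123, "198.51.100.2", 123, "udp", 76),
    ("198.51.100.2", 123, "192.0.2.30", 123, "udp", 76),
    ("192.0.2.30", 123, "198.51.100.3", 123, "udp", 76),
    ("198.51.100.3", 123, "192.0.2.30", 123, "udp", 76),
    # Reflection target: large responses from many servers, no requests sent.
    ("198.51.100.10", 123, "203.0.113.5", 80, "udp", 44000),
    ("198.51.100.11", 123, "203.0.113.5", 80, "udp", 44000),
    ("198.51.100.12", 123, "203.0.113.5", 80, "udp", 44000),
    ("198.51.100.13", 123, "203.0.113.5", 80, "udp", 44000),
]

def find_reflection_victims(flows, min_servers=3, min_ratio=10.0):
    """Flag hosts whose inbound NTP response bytes far exceed the NTP
    request bytes they sent. Thresholds are illustrative assumptions."""
    sent = defaultdict(int)      # bytes each host sent to UDP/123
    recv = defaultdict(int)      # bytes each host received from UDP/123
    servers = defaultdict(set)   # distinct NTP servers answering each host
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == NTP_PORT:
            sent[src] += nbytes
        if sport == NTP_PORT:
            recv[dst] += nbytes
            servers[dst].add(src)
    victims = {}
    for host, rbytes in recv.items():
        out = sent.get(host, 0)
        # No requests at all means the responses were unsolicited.
        ratio = rbytes / out if out else float("inf")
        if len(servers[host]) >= min_servers and ratio >= min_ratio:
            victims[host] = {"servers": len(servers[host]),
                             "recv_bytes": rbytes, "ratio": ratio}
    return victims

if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE_FLOWS))
```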

We strongly recommend that you contact your operating system vendor for NTP 4.2.8 as soon as possible.
