Headline
CVE-2020-11868: NTP BUG 3592: DoS Attack on Unauthenticated Client
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
Summary
Resolved
4.2.8p14
03 Mar 2020
References
Bug 3592
CVE-2020-11868
Affects
ntp-4.2.8p12 (possibly earlier) and ntp-4.2.8p13,
and 4.3.98 up to, but not including 4.3.100.
Resolved in 4.2.8p14 and 4.3.100.
CVSS2 Score
5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C
CVSS3 Score
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
The fix for 3445 introduced a bug whereby a system that is running ntp-4.2.8p12 or p13 that only has one unauthenticated time source can be attacked in a way that causes the victim’s next poll to its source to be delayed, for as long as the attack is maintained.
Mitigation
- Use authentication with symmetric peers.
- Have enough sources of time.
- Upgrade to 4.2.8p14 or later.
Credit
Reported by Miroslav Lichvar.
Timeline
- 2020 Mar 03: Public release
- 2020 Feb 17: Early Access Program Release: Premier and Partner Institutional Members
- 2019 Jun 05: Notification to Institutional Members
- 2019 May 30: Notification from reporter
Feedback
Was this page helpful?
Glad to hear it!
Sorry to hear that.