Wednesday, December 24, 2014

NTP flaws: Mac OS X is not the only system affected – ZDNet France

Article updated December 24 at 12:30 pm

Although Apple has, for the first time, pushed out a security patch to fix the vulnerabilities detected in NTP, Apple's computers are not the only ones potentially affected by the newly discovered flaws in the protocol. User workstations are at little risk, but servers that rely on implementations of this protocol to synchronize the clocks of the connected machines should apply the security patches to prevent attacks exploiting these vulnerabilities.
 

The flaws were reported last weekend by two employees of Google's team, and the alert was quickly relayed by US-CERT. The flaws, fixed in the latest NTP release, 4.2.8, are essentially buffer overflows that allow an attacker to execute malicious code on the machine with the privilege level of the NTP process. US-CERT nevertheless notes three characteristics: the flaws can be exploited remotely, so no access to the local network is required; exploit examples are already circulating on the net; and little technical skill is needed to take advantage of these vulnerabilities.
 

While the average user ultimately has little to fear from an attack of this type, the situation is different for servers and SCADA systems, which often use NTP through its various implementations to synchronize their clocks. The update is available on the protocol's official website, and the affected Linux distributions (including Red Hat) are currently working on specific patches to prevent any risk of attack.
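As an added example (not part of the original article), the following sketch sorts ntpd version strings from a host inventory against the 4.2.8 release named above. The inventory entries, host names and the `distro_package` flag are constructed for illustration; the flag reflects the assumption that a distribution package may carry backported fixes under an older upstream version number, so those hosts are referred to the vendor advisory.

```python
import re

# First upstream release containing the fixes, per the article: 4.2.8.
FIXED = (4, 2, 8, 0)

# Matches upstream-style versions such as "4.2.6p5" or "4.2.8".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(banner):
    """Return (major, minor, point, patchlevel), or None if no version is found."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(banner, distro_package=False):
    """Classify one host's ntpd version string.

    distro_package=True (hypothetical inventory field) marks a build from a
    distribution package, where the version number alone is not conclusive.
    """
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if version >= FIXED:
        return "fixed"
    if distro_package:
        return "check-vendor-advisory"
    return "needs-update"


# Constructed inventory: (host, version string, built from a distro package?)
SAMPLE_INVENTORY = [
    ("ntp-core-1", "ntpd 4.2.6p5@1.2349-o", False),
    ("ntp-core-2", "ntpd 4.2.8@1.3265-o", False),
    ("scada-gw", "4.2.7p476", False),
    ("rhel-app", "ntp-4.2.6p5-19.el7", True),
    ("appliance", "version unavailable", False),
]


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner, distro) for host, banner, distro in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```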
 

NTP had already been singled out earlier this year in connection with DDoS amplification attacks: the protocol's functions make it possible to amplify the traffic sent toward the server through the use of spoofing. While DNS amplification was particularly fashionable in 2013, notably in the Spamhaus case, 2014 saw a marked increase in DDoS attacks carried out via NTP. CloudFlare had already reported major DDoS attacks based on this technique in February.
 
