NTP BUG 3007: CRYPTO-NAK DoS

Last update: April 22, 2024 18:49 UTC (7e7bd5857)

---

Summary

Resolved	4.2.8p7	26 Apr 2016
References	Bug 3007	CVE-2016-1547
Affects	All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92.	Resolved in 4.2.8p7.
CVSS2 Score	MED 4.3	AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3 Score	LOW 3.7	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

---

Description

For ntp-4 versions up to but not including ntp-4.2.8p7, an off-path attacker can cause a preemptable client association to be demobilized by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Furthermore, if the attacker keeps sending crypto NAK packets, for example one every second, the victim never has a chance to reestablish the association and synchronize time with that legitimate server.

For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more stringent checks are performed on incoming packets, but there are still ways to exploit this vulnerability in versions before ntp-4.2.8p7.

---

Mitigation

• Implement BCP-38.
• Upgrade to 4.2.8p7 or later.
• Properly monitor your ntpd instances.

---

Credit

This weakness was discovered by Stephen Gray and Matthew Van Gundy of Cisco ASIG.

---

Timeline

• 2016 Apr 26: Public release
• 2016 Apr 12: Early Access Program Release: Premier and Partner Institutional Members
• 2016 Feb 14: Notification to Institutional Members
• 2016 Jan 12: Initial notification from Cisco