Thursday April 24, 2025

Advisory ID: NCC-CSIRT-2025-004

Summary: 

Multiple vulnerabilities have been identified in older versions of NTP, which could be exploited to cause Denial of Service, remote code execution, or time spoofing. 

CVE(s): CVE-2023-26554, CVE-2023-26555, CVE-2023-26556

Damage/Probability: HIGH/HIGH

Product(s): Network Time Protocol Daemon (ntpd) 

Version(s): Network Time Protocol Daemon (ntpd)

Platform(s): Unix/Linux systems, BSD, Windows.

Description: 

The vulnerabilities stem from memory corruption, improper input validation, and insecure control message handling in NTP. Exploitation could allow attackers to crash services, gain remote access, or manipulate time across devices, affecting logs, certificates, and other security mechanisms.

Consequences:  

  • Disruption of network synchronization
  • Unauthorized control of system time
  • Remote system compromise
  • Interruption of time-based authentication systems

Solution: 

  • Upgrade to NTP version 4.2.8p16 or later
  • Consider migrating to Chrony for secure time synchronization
  • Restrict NTP access via firewalls
  • Disable unused features like monlist and control mode
  • Monitor NTP traffic for anomalies

References: