Advisory ID: NCC-CSIRT-2025-004
Summary:
Multiple vulnerabilities have been identified in older versions of NTP, which could be exploited to cause Denial of Service, remote code execution, or time spoofing.
CVE ID(s): CVE-2023-26554, CVE-2023-26555, CVE-2023-26556
Damage/Probability: HIGH/HIGH
Product(s): Network Time Protocol Daemon (ntpd)
Version(s): Network Time Protocol Daemon (ntpd)
Platform(s): Unix/Linux systems, BSD, Windows.
Description:
The vulnerabilities stem from memory corruption, improper input validation, and insecure control message handling in NTP. Exploitation could allow attackers to crash services, gain remote access, or manipulate time across devices, affecting logs, certificates, and other security mechanisms.
Consequences:
- Disruption of network synchronization
- Unauthorized control of system time
- Remote system compromise
- Interruption of time-based authentication systems
Solution:
- Upgrade to NTP version 4.2.8p16 or later
- Consider migrating to Chrony for secure time synchronization
- Restrict NTP access via firewalls
- Disable unused features like monlist and control mode
- Monitor NTP traffic for anomalies
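
The following is an added example, not part of the original advisory: a small auditor that checks `ntp.conf` text for the monlist and control-mode items above. It relies on the standard ntpd directives `disable monitor` and `restrict default ... noquery`; the sample configurations are constructed, and the set of required flags is an assumed policy.

```python
"""Audit ntp.conf text for the advisory's monlist and control-mode items."""

# Constructed sample configurations, not taken from any real host.
WEAK_CONF = """\
server 0.pool.ntp.org iburst
restrict default
restrict 127.0.0.1
"""
HARDENED_CONF = """\
server 0.pool.ntp.org iburst
disable monitor   # turns off the monitoring facility behind monlist
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

# Assumed policy: flags every non-"ignore" default rule must carry.
REQUIRED_DEFAULT_FLAGS = {"noquery", "nomodify", "notrap"}


def audit_ntp_conf(text):
    """Return a list of findings; an empty list means both items are covered."""
    findings, monitor_disabled, default_rules = [], False, []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].lower().split()  # drop comments
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("disable", "enable") and "monitor" in args:
            monitor_disabled = keyword == "disable"  # last directive wins
        elif keyword == "restrict":
            args = [a for a in args if a not in ("-4", "-6")]
            if args and args[0] == "default":
                default_rules.append(set(args[1:]))
    if not monitor_disabled:
        findings.append("monlist: 'disable monitor' is not set")
    if not default_rules:
        findings.append("control mode: no 'restrict default' rule present")
    for flags in default_rules:
        missing = REQUIRED_DEFAULT_FLAGS - flags
        if missing and "ignore" not in flags:
            findings.append("control mode: restrict default lacks "
                            + ", ".join(sorted(missing)))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "OK")
```

Local-host entries such as `restrict 127.0.0.1` are intentionally not checked, since administrators normally keep query access from localhost.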