Cisco helps coordinate bugfixes for NTP.org's ntpd daemon

Apr 27, 2016 20:01 GMT

US-CERT has issued an alert regarding the most recent wave of vulnerabilities discovered in ntpd, the NTP (Network Time Protocol) daemon used in almost any device that needs to keep time in one way or another.

There are a few NTP daemons available, but the most widely used one, and the one discussed here, is NTP.org's ntpd daemon, which received two big batches of security bug fixes in the months of April and January 2016.

According to Cisco, a member of the Linux Foundation Core Infrastructure Initiative, which agreed to evaluate the Network Time Protocol daemon (ntpd) for security defects, a few of these bugs can allow attackers to launch Denial of Service (DoS) attacks or even bypass authentication procedures.

Since almost any "smart" device deals with time values, the NTP protocol and NTP.org's daemon have been integrated into a large number of devices, where they work by ensuring that system clocks are synchronized to a common standard.

Security flaws in this protocol are dangerous since they allow attackers an easy way into almost any target.

NTP, the doorway to any network

The dangers of these types of vulnerabilities in the NTP daemon were showcased by two security researchers only two weeks ago, when they managed to create a network-based exploit that relied on mimicking NTP communications and using them to brick iOS devices via the infamous 1970 bug.

Besides this exploit, Web security vendors are very well aware that the NTP protocol is also one of the favorite methods of launching DDoS attacks.

US-CERT recommends that webmasters and system administrators heed its warning and apply the most recent patches. The organization even goes on to list all vendors that have implemented NTP.org's ntpd daemon. The list includes 75 names, ranging from Apple to Cisco, and from Google to VMware.

Administrators should upgrade to firmware versions where the ntpd daemon has been updated to the most recent version (4.2.8p7). Otherwise, they should manually upgrade the daemon themselves.
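
To act on that recommendation across many devices, the following added example (not from the article or from NTP.org) triages an inventory of ntpd version strings against 4.2.8p7. It assumes versions follow the `major.minor.point[pN]` form seen in "4.2.8p7"; the hostnames and banners are constructed sample data.

```python
import re

# Fixed release named in the article.
MIN_FIXED = "4.2.8p7"

# Assumed version form: major.minor.point with an optional "pN" patch level.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntpd_version(text):
    """Return (major, minor, point, patch) found in text, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, point, patch = m.groups()
    # A release without a "pN" suffix sorts before any patch level.
    return (int(major), int(minor), int(point), int(patch or 0))


def needs_upgrade(text, minimum=MIN_FIXED):
    """True if older than minimum, False if not, None if unparseable."""
    version = parse_ntpd_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric, so p10 correctly sorts after p7
    # (a plain string comparison would get this wrong).
    return version < parse_ntpd_version(minimum)


# Constructed inventory: hostnames and version banners are sample data.
INVENTORY = {
    "edge-router-01": "ntpd 4.2.8p6",
    "core-switch-02": "ntpd 4.2.8p7",
    "cam-gw-03": "ntpd 4.2.6p5",
    "lab-vm-04": "ntpd 4.2.8p10",
    "sensor-05": "ntpd 4.2.8",
    "legacy-06": "version unavailable",
}


def triage(inventory):
    """Group hosts into upgrade / ok / unknown lists."""
    result = {"upgrade": [], "ok": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        status = needs_upgrade(banner)
        key = "unknown" if status is None else ("upgrade" if status else "ok")
        result[key].append(host)
    return result


if __name__ == "__main__":
    print(triage(INVENTORY))
```

Some vendors ship fixes without changing the upstream version string, so a host in the "upgrade" list is a prompt to check that vendor's advisory, and hosts in "unknown" need manual review.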