Attackers could have manipulated clocks on infected PCs

Oct 22, 2015 10:54 GMT  ·  By

Eight security vulnerabilities have been discovered by Cisco researchers in the Network Time Protocol (NTP) used by Linux, Mac, and BSD OS distributions.

If this were April 1, we would think this is a bad joke. Why? Because the vulnerabilities were announced on October 21, 2015, the date on which Michael J. Fox traveled to the future in the famous "Back to the Future 2" movie.

Surprisingly, one of the 8 security vulnerabilities discovered by Cisco's engineers allows attackers to manipulate a target's clock, making the victim believe they traveled to the future.

All jokes aside, the vulnerabilities identified by Cisco's staff affect the Network Time Protocol daemon (ntpd), responsible for synchronizing time across computer networks (like the Internet, Intranets or smaller LANs).

The reported vulnerabilities include an error handling logic error that bypassed proper authentication, procedures letting attackers change local system time; multiple memory corruption issues that open the protocol for buffer overflow or use-after-free attacks; multiple vulnerabilities that caused DoS (Denial of Service) states by crashing the daemon or making it enter an infinite loop; and a directory traversal and file overwrite issue that allowed attackers to overwrite ntpd configs.

All versions between NTP 4.2.5p186 and 4.2.8p3 are vulnerable, but the good news is that NTP developers issued a new version yesterday that fixes the reported problems.