ICSA-14-353-01C  ·  Published 2025-06-06

Network Time Protocol Vulnerabilities

CVSS 7.5 HIGH

Remediations

  • All NTP Version 4 releases, prior to Version 4.2.8p1, are vulnerable and need to be updated to Version 4.2.8p1.
  • ICS-CERT strongly encourages CIKR users to back up current operational ICS configurations, and thoroughly test the updated software for system compatibility on a test system before attempting deployment on operational systems.
  • CERT/CC has published a Vulnerability Note at the following URL: (http://www.kb.cert.org/vuls/id/852879)
  • ICS-CERT would like to thank Network Time Foundation's NTP Project for coordinating with the Google Security Team Researchers.
  • The latest NTP security information and software releases can be accessed at: (http://support.ntp.org/Main/SecurityNotice) and (http://support.ntp.org/bin/view/Main/SoftwareDownloads)
  • The NTP project recommends updating firewall rules to disallow ::1 packets from incoming physical Ethernet ports (mitigation for CVE-2014-9297).
  • Additional mitigation guidance and recommended practices are publicly available in the following two publications:
  • Best Practices for Improved Robustness of Time and Frequency Source in Fixed Locations, available for download from the ICS-CERT web site (https://ics-cert.us-cert.gov/Other-Reports).
  • ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).
  • Arbiter has deployed a new firmware based on NTP Version 4.2.8.
  • Innominate mGuard Firmware Version 7.0 should be upgraded to Version 7.6.7. Innominate mGuard Firmware Version 8.0 should be upgraded to Version 8.1.5.
  • Please see Meinberg’s public notification and mitigation strategies at: Meinberg Security Advisory: [MBGSA-1405] Multiple NTP Vuln - (https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1405-multiple-ntp-vulnerabilities.htm)
  • NTP Download information - (https://www.meinbergglobal.com/english/sw/ntp.htm)
  • Please see Siemens’s public notification and mitigation strategies at SSA-671683 NTP Vulnerabilities in Ruggedcom ROX-based Devices, located at (http://www.siemens.com/cert/advisories). This security notification will be updated soon to include new firmware updates.
  • Please see the Wind River Support Network (http://www.windriver.com/feeds/vxworks_networking_security_notice.xml), Wind River VxWorks 20150108 Security Advisory for NTP, for public notification and mitigation strategies.
  • News updates for Wind River Linux: (https://knowledge.windriver.com/Content_Lookup?id=044944)
  • News updates for Wind River VxWorks: (http://www.windriver.com/feeds/wrsn.xml)
  • There are patches for WR Linux for the other (related) CVEs (2014-9293 - 9286) available at (https://knowledge.windriver.com/?title=Content_Lookup&id=044772)
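
A triage check for the first remediation item, as an added example that is not part of the advisory: it parses version banners in the style printed by `ntpd --version` and flags NTP Version 4 releases prior to 4.2.8p1. The host names and banners are constructed, and treating a release candidate of 4.2.8p1 as not yet fixed is an assumption.

```python
import re

# Fixed release named in the advisory: NTP Version 4.2.8p1.
FIXED = (4, 2, 8, 1)

# Version token inside banners such as "ntpd 4.2.6p5@1.2349-o ...".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?(-(?:RC|beta)\d*)?", re.I)


def parse_ntp_version(banner):
    """Return ((major, minor, point, patch), is_prerelease), or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, point = (int(m.group(i)) for i in (1, 2, 3))
    patch = int(m.group(4)) if m.group(4) else 0  # "4.2.8" has no p-level
    return (major, minor, point, patch), m.group(5) is not None


def classify(banner):
    """Return 'vulnerable', 'fixed', 'out-of-scope' or 'unknown'."""
    parsed = parse_ntp_version(banner)
    if parsed is None:
        return "unknown"
    version, prerelease = parsed
    if version[0] != 4:
        return "out-of-scope"  # the advisory only covers NTP Version 4
    # Compare numerically: as strings, "4.2.8p10" would sort below "4.2.8p2".
    # Assumption: a release candidate of the fixed version is not yet fixed.
    if version < FIXED or (version == FIXED and prerelease):
        return "vulnerable"
    return "fixed"


# Constructed inventory: host name -> version banner.
SAMPLE_INVENTORY = {
    "hmi-01": "ntpd 4.2.6p5@1.2349-o Tue Jun 10 10:00:00 UTC 2014 (1)",
    "rtu-02": "ntpd 4.2.8@1.3265-o Fri Dec 19 09:00:00 UTC 2014 (1)",
    "gw-03": "ntpd 4.2.8p1@1.3265-o Wed Feb  4 12:00:00 UTC 2015 (1)",
    "gps-04": "ntpd 4.2.8p10@1.3728-o Tue Mar 21 14:00:00 UTC 2017 (1)",
    "plc-05": "firmware build 2231, no NTP banner",
}


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {verdict}")
```

Hosts reported as `unknown` need a manual check, since a missing banner says nothing about the NTP version the firmware embeds.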

Affected Vendors

Arbiter Systems; Innominate; Meinberg; Siemens; Wind River System

Affected Products (13)

  • Arbiter Systems Clock products using the network card vers:all/*
  • Innominate mGuard Firmware 7.0
  • Innominate mGuard Firmware 8.0
  • Meinberg LANTIME Firmware <V6.16.007
  • Meinberg NTP V4.x <4.2.8
  • Siemens ROX 2 <ROX_2.6.2
  • Siemens ROX 1 vers:all/*
  • Wind River System VxWorks 7
  • Wind River System VxWorks 6.9
  • Wind River System WR Linux 4.3.0.X
  • Wind River System WR Linux 5.0.1.x
  • Wind River System WR Linux 6.0.0.x
  • Wind River System WR Linux 7.0.0.x
