NTP: Network Time Protocol Daemon crypto-NAK Authentication Bypass

This signature detects attempts to exploit a known vulnerability against NTP Daemon. The vulnerability is due to improper validation of crypto-NAK packets that leads to an NTP Symmetric association to be established with an unauthorized peer. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted crypto-NAK NTP packet to the vulnerable service. Successful exploitation will let the attacker change the time on the target system, resulting in a policy bypass and potentially other security vulnerabilities.

Extended Description

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

Affected Products

Netapp oncommand_performance_manager

References

CVE: CVE-2015-7871

Short Name
NTP:CRYPTO-NAK-AUTH-BYPASS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
NTP
Keywords
Authentication Bypass CVE-2015-7871 Daemon Network Protocol Time crypto-NAK
Release Date
02/08/2016
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Ntp

Netapp

Debian

CVSS Score

7.5

Found a potential security threat?