
List:       ntp-bugs
Subject:    [ntp:bugs] [Bug 2542] New: mrulist nonce could be stronger
From:       bugzilla-daemon () ntp ! org
Date:       2014-01-21 20:23:38
Message-ID: bug-2542-35 () http ! bugs ! ntp ! org/

http://bugs.ntp.org/show_bug.cgi?id=2542

             Bug #: 2542
           Summary: mrulist nonce could be stronger
           Product: ntp
           Version: 4.2.7
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: ntpd
        AssignedTo: stenn@ntp.org
        ReportedBy: stenn@ntp.org
                CC: bugs@ntp.org, mlichvar@redhat.com
             Group: Security
    Classification: Unclassified


Harlan Stenn <stenn@ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |blocking4.2.8+

Miroslav notes:

The nonce implemented in the mrulist command seems to be too weak. It
uses salt consisting of a 32-bit random part and a 32-bit part set to
the sum of characters from ntp.conf, which is quite predictable. The
nonce doesn't change after first initialization. I think an attacker
can request a nonce and use brute-force search to find the salt and
then calculate the nonce for any IP address he wants.

I'd suggest extending the random part and updating it periodically.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
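
A sketch of the hardening suggested in the report above, as an added example (not ntpd code and not part of the original message): the nonce is a MAC over the client address under a 128-bit key from the OS CSPRNG, and the key is replaced periodically. The class name, nonce layout, key size, rotation interval and nonce lifetime are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, socket, struct, time

KEY_BYTES = 16       # 128 random bits, versus the 32-bit random part in the report
ROTATE_SECS = 3600   # assumed key rotation interval
NONCE_TTL = 16       # assumed nonce lifetime in seconds

class NonceIssuer:   # hypothetical name, not an ntpd structure
    def __init__(self, now=None):
        now = time.time() if now is None else now
        self._keys = [secrets.token_bytes(KEY_BYTES)]  # newest key first
        self._rotated_at = now

    def _maybe_rotate(self, now):
        if now - self._rotated_at >= ROTATE_SECS:
            # Keep the previous key so nonces issued just before rotation still validate.
            self._keys = [secrets.token_bytes(KEY_BYTES), self._keys[0]]
            self._rotated_at = now

    @staticmethod
    def _mac(key, ts, addr):
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        data = struct.pack("!I", ts) + socket.inet_pton(family, addr)
        return hmac.new(key, data, hashlib.sha256).hexdigest()[:32]  # 128-bit tag

    def issue(self, addr, now=None):
        now = time.time() if now is None else now
        self._maybe_rotate(now)
        ts = int(now)
        return f"{ts:08x}{self._mac(self._keys[0], ts, addr)}"

    def validate(self, nonce, addr, now=None):
        now = time.time() if now is None else now
        self._maybe_rotate(now)
        if len(nonce) != 40 or not nonce.isascii():
            return False
        try:
            ts = int(nonce[:8], 16)
        except ValueError:
            return False
        if not 0 <= now - ts <= NONCE_TTL:
            return False  # expired, or timestamp in the future
        return any(hmac.compare_digest(self._mac(k, ts, addr), nonce[8:])
                   for k in self._keys)
```

Because the timestamp is covered by the MAC and the key is discarded after rotation, a nonce observed for one address gives no practical way to derive a nonce for another address.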