NTP (Network TIme Protocol) contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset.
NTP (Network Time Protocol) is a method by which client machines can synchronize the local date and time with a reference server. The server will miscalculate the offset reply, if it receives a request from an NTP client containing a date that is more or less than 34 years of the server's date.
This offset is a 64-bit value, with 32 bits representing whole seconds, and 32 bits representing fractions of a second . The 34-year limit is imposed by the use of a 32-bit signed integer.
Clients making requests of an NTP server and supplying a date/time that is more than 34 years in the future (or past) from the NTP server date/time will receive an incorrect date/time offset from the server, resulting in an incorrect date/time on the client.
NTPd Version 4 resolves this issue.
Thanks to David L. Mills of NTP.org for reporting this vulnerability.
This document was written by Robert D Hanson.
|Date First Published:||2004-03-05|
|Date Last Updated:||2004-03-05 19:06 UTC|