[svlug] Serious NTP security holes

Jason Fritcher jkf at wolfnet.org
Tue Dec 23 01:37:48 PST 2014

Previous message: [svlug] Serious NTP security holes
Next message: [svlug] Serious NTP security holes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Dec 23, 2014, at 12:24 AM, Rick Moen <rick at svlug.org> wrote:
> 
> 3.  If, hypothetically, maybe, somehow, that were to happen, then the
> misbehaving, strategically poked ntpd process would be weilding the
> authority of the original process.  ISC ntpd on Linux runs as the ntp user,
> which is a user that can't do hardly anything except ntp.  It's a boringly
> unprivileged process before attack, so it remains that after hypothetical
> takeover by carefully crafted packet, too.

Achieving a remote code execution means they're in the box, and it's only a matter of time before a local privilege escalation is found, especially in light of CVE-2014-9322. That looks like an easy exploit and I doubt a significant portion of the Linux user base has had a chance to patch for it yet.

--
Jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2535 bytes
Desc: not available
Url : http://lists.svlug.org/archives/svlug/attachments/20141223/62fe6ebb/smime-0001.bin

Previous message: [svlug] Serious NTP security holes
Next message: [svlug] Serious NTP security holes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list