Cisco discovers various flaws in Talos’s NTPD

Matthew Van Gundy of Cisco ASIG has discovered multiple
vulnerabilities in Talos, an industry-leading threat intelligence organization
dedicated to providing protection before, during, and after cybersecurity
The company concerned issued a statement on October 21
stating that Cisco had identified multiple vulnerabilities in its Network Time
Protocol Daemon (NTPD).
“Cisco assesses the
security of software components used in our products. Open source software
plays a key role in many Cisco products and as a result, ensuring the security
of open source software components is vital, especially in the wake of major
vulnerabilities such as Heartbleed and Shellshock,” the company said in the
According to the company, a flaw exists within the NTPD that
manifests due to improper error condition handling associated with certain
crypto-NAK packets.
“An unauthenticated, off-path attacker can force the NTPD
processes on targeted servers to peer with time sources of the attacker’s
choosing by transmitting symmetric active crypto-NAK packets to ntpd. This
attack bypasses the authentication typically required to establish a peer
association and allows an attacker to make arbitrary changes to system time,”
it added.
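
For defenders, the traffic described in the statement can be recognised on the wire. The following is an added example, not code from Cisco, Talos or the NTP Project: it flags symmetric active crypto-NAK packets arriving from sources that are not configured peers. It assumes the RFC 5905 wire format (a 48-byte header followed by only a 4-byte key ID of zero); the sample packets, addresses and peer list are constructed for illustration.

```python
import struct

NTP_HEADER_LEN = 48                    # fixed NTP header (RFC 5905)
CRYPTO_NAK_LEN = NTP_HEADER_LEN + 4    # header + 4-byte key ID, no digest
MODE_SYMMETRIC_ACTIVE = 1              # low 3 bits of the first octet


def classify(payload: bytes) -> str:
    """Classify one UDP/123 payload by its length, mode and key ID."""
    if len(payload) < NTP_HEADER_LEN:
        return "malformed"
    if len(payload) != CRYPTO_NAK_LEN:
        return "other"                 # unauthenticated or carries a full MAC
    (key_id,) = struct.unpack("!I", payload[48:52])
    if key_id != 0:
        return "other"
    mode = payload[0] & 0x07
    if mode == MODE_SYMMETRIC_ACTIVE:
        return "crypto-nak-symmetric-active"
    return "crypto-nak"


def suspicious(packets, configured_peers):
    """Sources that sent a symmetric active crypto-NAK without being a configured peer."""
    return [src for src, payload in packets
            if classify(payload) == "crypto-nak-symmetric-active"
            and src not in configured_peers]


# Constructed sample traffic (documentation addresses, zeroed header fields).
CONFIGURED_PEERS = {"192.0.2.20"}
PACKETS = [
    ("192.0.2.10", bytes([0x23]) + bytes(47)),                # v4 client request
    ("198.51.100.7", bytes([0x21]) + bytes(47) + bytes(4)),   # mode 1, key ID 0
    ("192.0.2.20", bytes([0x21]) + bytes(47) + bytes(4)),     # same, configured peer
    ("203.0.113.5", bytes([0x21]) + bytes(47)
     + struct.pack("!I", 7) + bytes(20)),                     # mode 1 with key 7 + digest
]

if __name__ == "__main__":
    for src in suspicious(PACKETS, CONFIGURED_PEERS):
        print("symmetric active crypto-NAK from unconfigured source:", src)
```
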
Now, Cisco is evaluating the NTPD for security defects.
As per the researcher, the NTPD is a widely deployed
software package used to synchronize time between hosts. It ships with a wide
variety of network and embedded devices as well as desktop and server operating
systems, including Mac OS X, major Linux distributions, and BSDs.
Cisco has released eight advisories for vulnerabilities that
have been identified by the Talos Group and the Advanced Security Initiatives
Group (ASIG) within Cisco.
“These vulnerabilities have been reported to the NTP Project
in accordance with Cisco vulnerability reporting and disclosure guidelines. The
NTP Project has responded by issuing a Security Advisory along with releasing a
patched version of the NTPD,” the statement added.
To protect its customers, Talos has released rules that detect
attempts to exploit these vulnerabilities.

“Please refer to your Defense Center, FireSIGHT Management
Center or,” it added.
