"Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code with the privileges of the ntpd process"
So not root, but some lousy service user.
Right? RIGHT?
Critical holes have been reported in the implementation of the network time protocol (NTP) that could allow unsophisticated attackers root access on servers. System administrators may need to forego the Christmas beers and roasted beasts until they've updated NTP daemons running versions 4.2.8 and below. The grinch bug was …
ntpd is usually heavily guarded, at least on Debian, it can't do very much. I think it needs to be root as it needs to adjust the clock.
If you are running an actual stratum 0 server, you may in fact even have turned off those additional limitations so your ntpd can talk to your PPS input.
ntpd needs root
Not really. This is why it drops everything immediately after startup.
I don't see how this is an issue. Most (99%) of ntpd servers are on a local network, and already the noquery ... restrict commands are default. This is an issue for stratum 0/1 folks, and they are on the ball anyway - and it's not like you have 1000s of ntpd daemons running, is it?
Lastly, I will have my chrissy (WTF is that?) lunch - I just updated both my Slack servers to the latest code building from source in about 30 minutes - it is so easy.
You all still believe all attacks come from outside only - that's not true, and also if an attacker has a foothold inside your systems it can try to attack other systems exploiting vulnerabilities you may not patch "because this system is not accessible externally". Today you can no longer think "systems on the LAN are secure as long as they are not directly accessible from outside".
But I see the attitude to dismiss any *nix big bug persists... had it been on a Windows DC (which are not usually accessible from outside as well...) you would be crying loud how Windows systems are insecure...
Theoretically, yes, you could force machines' clocks back/forward to get round some time-related checks.
In practice it is harder as any sensible NTP system will be using 4 or more time sources to allow the rejection of bad sources (AKA 'false tickers'). Of course, if you p0wn all of the sources as all are on the LAN and no one considered an "inside job" for attack (as LDS pointed out above), then you are free to do so...
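The rejection of "false tickers" mentioned in the comment above, as an added example that is not part of the thread and not ntpd's own code: a simplified Marzullo-style interval intersection in Python. Source names, offsets and error bounds are constructed, and ntpd's real selection has further steps that are left out here.

```python
# Simplified Marzullo-style source selection (illustrative, not ntpd's code).
# Each source reports a clock offset and an error bound, both in milliseconds.

def select_sources(sources):
    """sources: {name: (offset_ms, error_ms)}.
    Returns (low, high, truechimers, falsetickers), or None when no strict
    majority of sources agrees on a common interval."""
    intervals = {n: (off - err, off + err) for n, (off, err) in sources.items()}
    edges = []
    for lo, hi in intervals.values():
        edges.append((lo, 0))  # 0 = start; sorts before an end at the same value
        edges.append((hi, 1))  # 1 = end
    edges.sort()

    best = count = 0
    low = high = None
    for i, (value, kind) in enumerate(edges):
        if kind == 0:
            count += 1
            if count > best:  # a new deepest overlap begins at this start edge
                best, low, high = count, value, edges[i + 1][0]
        else:
            count -= 1

    if best * 2 <= len(sources):
        return None  # no strict majority: refuse to pick a time
    good = sorted(n for n, (lo, hi) in intervals.items() if lo <= low and hi >= high)
    bad = sorted(set(intervals) - set(good))
    return low, high, good, bad

# Constructed sample data: three agreeing sources and one far-off false ticker.
ONE_BAD = {"ntp-a": (2, 10), "ntp-b": (-1, 10), "ntp-c": (4, 10),
           "rogue": (3_600_000, 10)}
# Constructed: three of four LAN sources report the same wrong hour.
MAJORITY_BAD = {"ntp-a": (2, 10), "lan-1": (3_600_000, 10),
                "lan-2": (3_600_001, 10), "lan-3": (3_599_999, 10)}
# Constructed: an even split leaves no majority to trust.
SPLIT = {"ntp-a": (2, 10), "ntp-b": (-1, 10),
         "lan-1": (3_600_000, 10), "lan-2": (3_600_001, 10)}

if __name__ == "__main__":
    for label, data in (("one bad", ONE_BAD), ("majority bad", MAJORITY_BAD),
                        ("split", SPLIT)):
        print(label, "->", select_sources(data))
```

The second data set shows the limit the comment points out: the vote only protects the clock while most sources are trustworthy, so sources for one client should not all share a single failure or compromise domain.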