“Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet“. – CERT/NIST Advisory CVE-2014-9295
Major security vulnerabilities in open source Network Time Protocol daemon (NTPd) time synchronization software have been identified in a CERT advisory this week; however, these weaknesses have been present in this widely-used, critical network software for several years. Recognizing the dangers time synchronization exploits pose to critical infrastructure, FSMLabs has designed TimeKeeper to have foundational strong security. None of the currently identified NTPd vulnerabilities (or those identified in previous CERT/NIST alerts) have ever been present in TimeKeeper software or in TimeKeeper based Network GPS Clocks, including both FSMLabs Grandmasters and Spectracom Velasync. Note that NTPd is incorporated in many GPS clocks, network devices, database servers, and appliances throughout the enterprise.
This is only the most recent reminder that critical software infrastructure should be designed with security and resilience in mind and should be appropriately managed and tested. Deliberate security breaches by state and private actors and recent high profile failures of critical trading technology infrastructure which have exposed everything from fragile design to poor software rollouts have highlighted the importance of resilient technology infrastructure. Some of the vulnerabilities in NTPd that were identified by Google and that are the subject of the NIST/CERT advisory are security coding errors of the most well-known kind – buffer overflows. Some of the vulnerabilities come from features that were poorly thought out. None of them would have eluded a serious testing and software quality assurance program, which for financial services organizations or any company dealing with sensitive data should be part of their annual risk assessment.
“NTPd” is a decades old open source software implementation of the Network Time Protocol (NTP) and is the default option for many firms because it comes for free with the base operating systems. Ironically, several of the NTPd security vulnerabilities are in an authentication feature that was added to in an effort to increase security. The feature didn’t really solve the problem, but it did introduce a large amount of complex encryption and management code into NTPd, and that code was apparently not rigorously tested or evaluated closely enough. The authentication code has now proven to be vulnerable to completely different, more serious, exploits. This type of mistaken security extension is a classic cause of security errors in software. Analogously, piling up old furniture in front of a door to make it more difficult for intruders to enter your home might fail to substantively protect the door and make it easier to climb in the window. As the newer free software PTPd code implementing a rival time protocol becomes more widely used and is modified to provide more management features, it will be interesting to see what security issues emerge.
TimeKeeper software and TimeKeeper-based network GPS clocks offer superior accuracy on both standard time protocols (NTP and PTP) in multiple versions and profiles using a ground-up implementation in a proprietary code base. FSMLabs has addressed security for TimeKeeper by careful coding practice, design for security, and extensive and continuous testing. TimeKeeper is designed specifically for Enterprise with focus on manageability, resilience, and security as well as accuracy. FSMLabs urges management looking at TCO for clock synchronization to take costs of urgent response to these types of vulnerabilities into account.