[c-nsp] Problem encountered while securing NTP
Justin Shore
justin at justinshore.com
Wed Oct 7 03:51:46 EDT 2009
Kevin Graham wrote:
> CSCsw79186. It's broken more than the bug suggests; both v3 and v4 clients
> get applied only to the 'peer' access-group. I had meant to bring this to
> PSIRT's attention when the advisory went out, but got distracted by something
> shiny.
Excellent catch. I tried to search the BugToolkit today for anything
related to NTP and couldn't get it to work. I rebooted the router
tonight and bumped the rev to 24T1 in hopes that it would fix the issue.
It didn't. Clearly this problem isn't fixed as the BugToolkit
indicates since there isn't a T-train release with the alleged fix in
it. I'll hammer on them later today about this. I don't think that the
severity of the problem is moderate as the bug notes indicate. For me
it's severe since it's affecting NTP from our VoIP phones and soft
switch. I think the PSIRT folks would also disagree with a failure of
NTP being only a moderate issue too since logging with accurate
timestamps is essential to any security model.
Justin