Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

NTP-based denial-of-service vulnerability

0

0

Article ID: JSA10294 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
FA-SW-0104-004
Product Affected:
All versions of JUNOS software released before April 5, 2001, including 4.1R1 through 4.1R3, 4.2R1 through 4.2R3, and 4.3R1 through 4.3R3.
Problem:
A buffer overflow bug in the NTP daemon process xntpd can be exploited to corrupt certain statistics maintained by xntpd. In more recent versions of xntpd, the bug can be exploited to disrupt timekeeping functions on the router, and might also provide an attacker with the means to obtain root access to the router; however, the Juniper version of xntpd is not susceptible. Details of the bug can be found at http://www.securityfocus.com/archive/1/174011
Solution:
Implement a fix to the JUNOS software based on the patch presented in the URL referenced above .
Implementation:
The fix will be included in all future releases of JUNOS software. A fixed xntpd image is available for all current releases of JUNOS software: 4.1R1 through 4.1R3, 4.2R1 through 4.2R3, and 4.3R1 through 4.3R3.

To install the patched ntp daemon, retrieve it from the Juniper ftp site:

user@M40> file copy ftp://www-int.juniper.net/www-int/service/salestools/fieldupgrade/xntpd /var/tmp/xntpd

Then, exit to the shell prompt, gain root access to the router, and verify that the xntpd file you just copied is valid:

user@M40> start shell
% su
% md5 /var/tmp/xntpd
md5 (/var/tmp/xntpd) = ff68a1a8f0974743f54349261f9e5d0a
%
Finally, save the old copy of xntpd, and copy the replacement image to the correct location:
% mv /usr/sbin/xntpd /usr/sbin/xntpd.orig

% cp /var/tmp/xntpd /usr/sbin/xntpd

% chown root.bin /usr/sbin/xntpd

% chmod 555 /usr/sbin/xntpd
The patched version of xntpd will be started the next time you commit a change to your NTP configuration. The simplest way to do this is to deactivate and then reactivate NTP:

% cli
root@M40> configure
Entering configuration mode
[edit]
root@M40# deactivate system ntp
[edit]
root@M40# commit
commit complete
[edit]
root@M40# activate system ntp
[edit]
root@M40# commit and-quit
commit complete
Exiting configuration mode
root@M40> quit
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search