NTP Amplification Attack

[Arthur Stephens]

The version running on my 3 node proxmox 4.4 cluster is 4.2.6p5 and was recently used for a NTP Amplification Attack - I tried apt-get update then apt-get upgrade ntp but it still comes back as 4.2.6p5 - the vulnerability was fixed in 4.2.7 - how do I get my ntp up to date so it can not be exploited like this. In the mean time I blocked all ntp traffic coming to the network that the cluster is on at the edge on our BGP routers using access-lists but that is not my preferred way to resolve this issue.

Thanks

 

[wolfgang]

Hi,

Debian do not dump to newer version but back port the CVE fixes.
Please see.
http://metadata.ftp-master.debian.org/changelogs/main/n/ntp/ntp_4.2.6.p5+dfsg-7+deb8u2_changelog

 

[Arthur Stephens]

Ok Now I just need to figure out how to back port the CVE fixes.

Thansk

 

[tom]

These should be in, just check your local installed ntp changelogs with:

> zless /usr/share/doc/ntp/changelog.Debian.gz

 

[Arthur Stephens]

That looks like the same thing as http://metadata.ftp-master.debian.org/changelogs/main/n/ntp/ntp_4.2.6.p5+dfsg-7+deb8u2_changelog

So I am sorry I have no clue what you are telling me to do :-(

 

[tom]

yes, which CVE do you miss exactly?

 

[Arthur Stephens]

My guess is the one that fixes the MON_GETLIST vurnerability