Solving Ntpd overflow

Jonathan Jesse

Don't know if this is the best place to post this but recently we had an
outside vendor do some vulnerability scanning of our internal network. One
of these that was found was the Ntpd overflow. All of the googling I have
done I have not found anything that refers to the Ntpd overflow in regards
to Microsoft. Is this a false vulnerability? Is there a better place to
post this message?
 
It does not ring a bell for me. I searched Microsoft's website and could
find no reference for Ntpd overflow. Don't these vendors provide any
additional information? Personally I would not use a vendor that cannot
also provide some solutions with references. Kind of like taking your car to
the mechanic and he says it is broke but doesn't have a clue as to what is
wrong with it or how to fix it. --- Steve
 
Just an idea, but could it be a typo? Could it be an NNTP overflow
vulnerability?

Check this out and see if it matches up:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0574

Schlarg
 
Well after a phone call, and a disappointing conversation with someone who
could "help me out", he said that I needed to disable Windows Time
Services to prevent a buffer overflow. I still haven't seen anything on
microsoft.com or anything like that to confirm there is a problem.

Now according to
http://www.microsoft.com/technet/pr.../technologies/security/ws03mngd/26_s3wts.mspx
I can configure windows time server through a Group Policy, but I don't
want to do this, any help would be appreciated.
 
I agree with you in that I have not seen any major problems with Windows
Time Service. Just be sure your computers are up to date with critical
updates after compatibility testing if need be. Windows Time service is a
critical part of an Active Directory domain as Kerberos authentication is
time sensitive with a five minute time skew as the default. Do they know
that?? You could eventually have a lot of problems if you disable the
Windows Time service on domain computers including failed logons, denied
access to resources, downlevel [less secure] authentication methods, and
problems with Active Directory replication. I would call him back and ask
where you can find SPECIFIC documentation on the threat, including at
Microsoft.com and in the future use someone who knows what they are doing
that can provide specifics of vulnerabilities found, degree of threat,
specific fixes, and any ramifications of. --- Steve
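
The five-minute skew limit mentioned in the reply above can be checked directly from an NTP/SNTP reply. The following is an added example, not part of the original thread: it parses a 48-byte server reply and computes the clock offset with the standard NTP formula. The function names and both sample packets are constructed for illustration.

```python
import struct

NTP_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300  # the five-minute default tolerance, in seconds

def encode_ts(unix_time):
    """Unix time -> 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_time)
    return struct.pack("!II", whole + NTP_DELTA, int((unix_time - whole) * 2**32))

def decode_ts(raw):
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_DELTA + frac / 2**32

def build_reply(t1, t2, t3, mode=4, stratum=2):
    """Constructed 48-byte reply: header, reference, originate, receive, transmit."""
    header = struct.pack("!BBbb", (3 << 3) | mode, stratum, 6, -20) + bytes(12)
    return header + encode_ts(t2) + encode_ts(t1) + encode_ts(t2) + encode_ts(t3)

def server_offset(reply, t4):
    """Seconds the server clock is ahead of the local clock (negative = behind).
    t4 is the local Unix time at which the reply arrived."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    if reply[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    if reply[1] == 0:
        raise ValueError("stratum 0: unspecified or invalid time source")
    t1 = decode_ts(reply[24:32])  # originate: our own transmit time, echoed back
    t2 = decode_ts(reply[32:40])  # server receive time
    t3 = decode_ts(reply[40:48])  # server transmit time
    return ((t2 - t1) + (t3 - t4)) / 2

def within_kerberos_skew(offset):
    return abs(offset) <= KERBEROS_MAX_SKEW

# Constructed samples: a host in sync, and one whose clock has drifted 400 s behind.
IN_SYNC = build_reply(1100000000.0, 1100000002.25, 1100000002.25)
DRIFTED = build_reply(1100000000.0, 1100000400.25, 1100000400.25)

if __name__ == "__main__":
    for name, pkt in (("in sync", IN_SYNC), ("drifted", DRIFTED)):
        off = server_offset(pkt, 1100000000.5)
        print(f"{name}: offset {off:+.2f}s, Kerberos OK: {within_kerberos_skew(off)}")
```

A host whose time service has been disabled drifts toward the second case, at which point Kerberos authentication against the domain begins to fail.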
 
That's truly terrible advice from someone who knows little about Windows.
This is not a person you can trust to scan your Windows systems for
vulnerabilities or give you advice on what you should do. Scanners find and
report all sorts of things and unless you want a whole report full of
useless, un-actionable garbage that does you no good, you need someone who
knows something about the technology in question and common ways to
implement it securely so that they can accurately interpret the scan
results, subtracting things that aren't important and adding things that
aren't in the report by reading between the lines.

I'm not sure Windows has an "ntpd" service anywhere. There is a "Windows
Time Service," but nowhere is it called ntpd. ntpd sounds more like the
scanner found a false alarm and thinks it found a Linux or Unix
vulnerability where there couldn't possibly be one. You won't know for sure
unless they can tell you the CVE number or a URL hyperlink describing the
problem. Ask them to give you a Mitre CVE number, a hyperlink, and/or the
description of the problem and the fix from the scanner's most detailed
report. Then ask them for your money back.
 
Thank you for backing up my opinion and view. Guess I will be spending
part of my Monday morning on the phone trying to figure out what in the
heck they are talking about. Also the posts will help me w/ ammunition
when my boss looks at the reports and asks what the heck does this mean?

I'll let you all know how this resolves...

