Time protocol flaw threatens servers

Users were warned today of a serious vulnerability concerning the security of a large number of corporate servers.

The security flaw relates to the Network Time Protocol Domain (NTPD) code used to synchronise time between systems.eSec chief technology officer Michael Paddon said the code is widely used on high-end servers in Large organisations worldwide and may be used to exploit systems over the next few weeks.

"It has only come to our attention in the last 24 hours but the vulnerability is severe because attackers can gain full administrative access to systems running NTPD and is accessible from the Internet," Paddon said.

"Implementing packet filtering won't solve the problem as it is relatively simple for an attacker to pose as a trusted time source and gain access to a server."

Paddon said eSec has locked down the problem and completed an emergency response including the updating of firewalls to its 400 customers.

Join the newsletter!

Error: Please check your email address.

More about eSec

Show Comments

Market Place