Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload.

Note: The NTP feature is enabled by default.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos

Security Impact Rating: Medium

CVE: CVE-2019-1967
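
One way to spot the traffic pattern described above in a packet capture or flow export, as an added example that is not part of the Cisco advisory: it reads the NTP mode from the low three bits of the first payload byte and reports sources that send a sustained run of Mode 7 packets. The window, threshold, function names and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MODE_PRIVATE = 7  # NTP mode 7 (MODE_PRIVATE), the packet type named in the advisory


def ntp_mode(payload: bytes) -> int:
    """Return the NTP mode: the low 3 bits of the first octet of the UDP payload."""
    if len(payload) < 1:
        raise ValueError("empty NTP payload")
    return payload[0] & 0x07


def mode7_flood_sources(packets, window=10.0, threshold=5):
    """packets: iterable of (timestamp_seconds, source_ip, udp_payload).

    Returns {source_ip: peak_count} for sources whose Mode 7 packet count
    inside any sliding `window` reached `threshold` (both values assumed).
    """
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = defaultdict(int)
    for ts, src, payload in sorted(packets, key=lambda p: p[0]):
        try:
            if ntp_mode(payload) != MODE_PRIVATE:
                continue
        except ValueError:
            continue              # not an NTP payload, ignore it
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


# Constructed sample traffic (documentation address ranges, zero-filled bodies).
CLIENT = bytes([0x23]) + bytes(47)   # LI=0, VN=4, mode 3 (ordinary client query)
MODE7 = bytes([0x17]) + bytes(47)    # VN=2, mode 7
SAMPLE = (
    [(float(t), "192.0.2.10", CLIENT) for t in range(0, 60, 16)]
    + [(30.0 + i * 0.5, "198.51.100.7", MODE7) for i in range(8)]
    + [(5.0, "192.0.2.44", MODE7), (50.0, "192.0.2.44", MODE7)]
)

if __name__ == "__main__":
    print(mode7_flood_sources(SAMPLE))
```
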


Behavior of 'Preferred' Option when two NTP servers are added

The Prefer option is an NTP-level setting. All devices, not only the ADC, conform to the rules in the RFC: http://doc.ntp.org/3-5.93e/prefer.html

Case 1: Two NTP servers are added, and the preferred option is set to YES for both servers.

- The appliance uses the mitigation rules defined in the RFC (see the Mitigation Rules section of http://doc.ntp.org/3-5.93e/prefer.html).

Case 2: Two NTP servers are added, and the preferred option is set to YES for one server and NO for the other server.

- The appliance synchronizes first with the server that has the preferred option set to YES.


NTP not synchronized on Advanced Threat Protection

Hi Team,

After running the “status_check” command in Symantec ATP’s CLI, I am getting the following message:

NTP                                             NOT synchronized!
                                                Please fix NTP configuration, else
                                                the appliance may not function properly.

We are using a Domain Controller (DC) as the NTP server.

As per the Symantec KB article:

https://support.symantec.com/en_US/article.TECH250…

if the time server is a DC, change

*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config*

LocalClockDispersion from 10 to 0.

I have checked the same with the DC team, but they informed me that only the Symantec ATP team has reported the error.

No other applications or services team has reported the issue.

The DC team cannot make the aforementioned changes on their DC server because it might impact many applications, services and servers in the environment.

Can you guys help me with a workaround to fix this issue?

A quick response will be appreciated.


NTP: Tried all configured servers. Unable to obtain NTP update due to NTP server errors

Hi Team,

We are receiving the message below intermittently in the Event logs. I did check the NTP servers; all are responding. DNS is also fine.

2019-02-28 02:06:54+08:00CST  “NTP: Tried all configured servers. Unable to obtain NTP update due to NTP server errors.”  0 90000:1 Mailed ntp.cpp:880

Before this message, we are receiving DNS errors when looking up all NTP servers. A snapshot of the same is attached.

Can you please let me know where the issue could be? Is this a bug? How do I troubleshoot this issue?

Thanks,

Mayur


Time not getting sync on XenServer with NTP

NTP offset and jitter are high while delay is low. This can be seen with “ntpq -p”.

Offset is the time difference between the local server and the remote server.

Jitter is the difference between the last and current offset measurements; if it is high, the offset is increasing more over time.

Delay is the time that it takes to communicate with the remote server. A low delay means that the issue is not related to network delays.

These measurements indicate that NTP is not able to discipline the clock, because the clock drifts faster than NTP is able to sync it.
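
The reading of “ntpq -p” described above, as an added example that is not part of the original article: it parses the peer table and labels each peer, flagging the low-delay, high-offset, high-jitter pattern as clock drift. The thresholds, function names and sample output are assumptions constructed for illustration, and the parser assumes the standard layout in which column 0 holds the tally code.

```python
def parse_ntpq_peers(text):
    """Parse `ntpq -p` output into dicts; delay, offset and jitter are in ms."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()          # column 0 is the tally code (*, +, -, x ...)
        if len(fields) != 10 or fields[:2] == ["remote", "refid"]:
            continue                       # header, separator or malformed line
        try:
            peers.append({
                "tally": line[0],
                "remote": fields[0],
                "stratum": int(fields[2]),
                "reach": int(fields[6], 8),   # reach is an octal shift register
                "delay": float(fields[7]),
                "offset": float(fields[8]),
                "jitter": float(fields[9]),
            })
        except ValueError:
            continue
    return peers


def diagnose(peer, max_delay=50.0, max_offset=128.0, max_jitter=50.0):
    """Classify one peer; all three thresholds (ms) are assumed values."""
    if peer["reach"] == 0:
        return "unreachable"
    high_offset = abs(peer["offset"]) > max_offset
    if high_offset and peer["jitter"] > max_jitter and peer["delay"] <= max_delay:
        return "clock-drift"               # the pattern the article describes
    if peer["delay"] > max_delay:
        return "network-delay"
    return "offset-high" if high_offset else "ok"


# Constructed sample output from a host whose local clock is drifting.
SAMPLE = "\n".join([
    "     remote           refid      st t when poll reach   delay   offset  jitter",
    "==============================================================================",
    " ntp1.example.net .GPS.            1 u   33   64  377    0.412 4871.220 912.334",
    " ntp2.example.net 192.0.2.1        2 u   12   64  377    0.530 4902.871 875.102",
    " ntp3.example.net .INIT.          16 u    -   64    0    0.000    0.000   0.000",
])

if __name__ == "__main__":
    for p in parse_ntpq_peers(SAMPLE):
        print(p["remote"], diagnose(p))
```
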


SEPM Time Problem – NTP Wrong Date

Hi

I have a problem with LiveUpdate and the logs.

We had changes in our infrastructure, and after that the NTP server was later than any other server, and NTP synced the wrong time to all servers (2036). SEPM and LiveUpdate worked for nearly 1 day with this date. After that we synced the correct time, but LiveUpdate and SEPM can't run correctly and can't update because the dates in the log file are 2036.

I uninstalled LiveUpdate, cleaned up, re-registered, and also deleted all files with a modified date in 2036, but nothing happened.

please help


NTP status displays “No association ID ” error message on Secondary NetScaler

On the Secondary NetScaler, the “No association ID” error is displayed when the “show ntp status” command is executed.

Primary NetScaler Appliance:

=======================

> show ntp status

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 adljj.john.com  .LOCL.           1 u    9   64    7    0.293  -212012   2.175


Secondary NetScaler Appliance:

===========================

> show ntp status

No association ID’s returned

Done

Log Analysis:

==============

1) The logs show that NTP was configured after the upgrade, and that the secondary device's interface was down at that time.

2) The interface was down from 10:01 to 11:18 A.M. During that interval, no commands were propagated, so the NTP configuration was missing from the secondary.

3) As per the current design, even after the Secondary comes UP and the NTP configuration is synchronized through HA Synchronization, the NTP daemon has to be restarted manually to get the NTP status on the Secondary. This is a current limitation on NetScaler.

4) Hence, an enhancement request was raised to address this limitation.

5) The limitation was fixed in the following versions: 12.1 50.x, 12.0 60.x, 11.1 60.x

Logs from Primary:

—————————–

var/log/ns.log

ns.log.0:649:Apr 23 10:15:59 <local0.info> X.X.X.X 2018:01:15:59 GMT NetScaler-Internal-TDC-01 0-PPE-1 : default GUI CMD_EXECUTED 136 0 : User nsroot – Remote_ip X.X.X.20 – Command “add ntp server X.X.X.3 -minpoll 6 -maxpoll 10 -devno 32833536” – Status “Success”

ns.log.0:651:Apr 23 10:15:59 <local0.info> X.X.X.X 04/23/2018:01:15:59 GMT NetScaler-Internal-TDC-01 0-PPE-1 : default GUI CMD_EXECUTED 137 0 : User nsroot – Remote_ip X.X.X.20 – Command “unset ntp server X.X.X.3 -autokey” – Status “Success”

Logs from secondary:

——————————–

var/log/ns.log

Apr 23 10:00:34 <local0.info> X.X.X.25 04/23/2018:01:00:34 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default CLI CMD_EXECUTED 131 0 : User nsroot – Remote_ip 127.0.0.1 – Command “logout” – Status “Success”

Apr 23 10:01:13 <local0.notice> X.X.X.25 04/23/2018:01:01:13 GMT NetScaler-Internal-TDC-02 0-PPE-0 : default EVENT DEVICEDOWN 79 0 : Device “interface(0/1)” – State DOWN

Apr 23 10:01:13 <local0.notice> X.X.X.25 04/23/2018:01:01:13 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default EVENT DEVICEDOWN 132 0 : Device “interface(0/1)” – State DOWN

Apr 23 11:18:15 <local0.notice> X.X.X.25 04/23/2018:02:18:15 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default EVENT DEVICEUP 133 0 : Device “interface(0/1)” – State UP

Apr 23 11:18:15 <local0.notice> X.X.X.25 04/23/2018:02:18:15 GMT NetScaler-Internal-TDC-02 0-PPE-0 : default EVENT DEVICEUP 80 0 : Device “interface(0/1)” – State UP

Apr 23 11:18:29 <local0.info> X.X.X.25 04/23/2018:02:18:29 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default AAA Message 134 0 : “rba authentication : user nsroot response_len-0 cmdPolicyLen-0, partitionLen-0 PromptLen-0 timeout 805307268 authPolicyLen-0 authActionLen-0 ssh_pubkey_len
