As a member of the Linux Foundation Core Infrastructure Initiative, Cisco is contributing to the CII effort by evaluating the Network Time Protocol daemon (ntpd) for security defects. We previously identified a series of vulnerabilities in the Network Time Protocol daemon; through our continued research we have identified a further vulnerabilities in the software. This vulnerability results in a denial of service attack against peers due to the origin timestamp check functionality. The attacker does not need to be authenticated in order to exploit the vulnerability.
The ntpd daemon uses the Network Time Protocol for clock synchronization between computer systems and as such, plays a vital role in maintaining system integrity.