CVE-1999-0524 - ICMP Timestamp Request Remote Date Disclosure vulnerability in Greenplum DB
search cancel

CVE-1999-0524 - ICMP Timestamp Request Remote Date Disclosure vulnerability in Greenplum DB

book

Article ID: 384360

calendar_today

Updated On:

Products

Greenplum VMware Tanzu Greenplum Pivotal Data Suite Non Production Edition VMware Tanzu Data Suite VMware Tanzu Data Suite

Issue/Introduction

A security scan may report CVE-1999-0524 on Greenplum Database (GPDB) nodes. For details on the vulnerability see : CVE-1999-0524

The remote host answers to an ICMP timestamp request.

This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Environment

  • VMware Tanzu Greenplum (All Versions)
  • Oracle Linux / RHEL 8.x

Cause

Greenplum Database clusters require ICMP to be enabled on the interconnect network for "ping" operations, which check host availability and cluster health. By default, many Linux distributions respond to all ICMP request types.

Resolution

To mitigate the vulnerability without disrupting Greenplum interconnect heartbeats, block only the specific ICMP timestamp request and reply types using iptables.

  1. Apply the rules to block timestamp requests and replies:
    bash
     
    sudo iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROPsudo iptables -A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP
  2. Verify the rules are active:
    bash
     
    sudo iptables -L INPUT -vnsudo iptables -L OUTPUT -vn
  3. On RHEL/Oracle Linux 8 systems, ensure the rules persist after reboot by installing iptables-services:
    bash
     
    sudo dnf install -y iptables-servicessudo systemctl enable iptablessudo service iptables save

 

Additional Information

Powered by Wolken Software