"The issue affects systems that use a 32-bit integer to store time as the number of seconds that have passed since the Unix epoch (January 1, 1970). A 32-bit signed integer variable has a maximum value of 2,147,483,647, which will be reached on January 19, 2038. When the number exceeds its limit and overflows, systems will interpret the date as a negative number, resetting it to December 13, 1901."
"Triggering these rollover bugs can cause systems to crash and, in addition to causing disruptions, it can have significant cybersecurity implications. In the case of industrial control systems (ICS) and other operational technology (OT) systems used in critical infrastructure, a time-stamping error could lead to a chain reaction of failures, causing systems to crash, data to become corrupted, or safety protocols to fail, potentially leading to physical damage or risk to human life."
"In addition, many cybersecurity systems rely on accurate time, including SSL/TLS certificates, logging and forensics solutions, and time-based authentication and access systems. Threat actors could exploit the Y2K38 bug to bypass security, cause system outages, cover their tracks, or to gain unauthorized access to systems."
Time-related rollover bugs tied to 32-bit time representations and older NTP implementations can be exploited now, causing date overflows in 2038 and 2036 respectively. Systems that store seconds since the Unix epoch in signed 32-bit integers will overflow on January 19, 2038, resetting dates to 1901. Older Network Time Protocol epochs will rollover on February 7, 2036. Rollover events can crash systems, corrupt data, disrupt safety protocols in ICS/OT environments, and create cascading failures that risk physical damage or human safety. Security mechanisms that depend on accurate time — certificates, logging, forensics, and time-based authentication — can be bypassed or manipulated by attackers.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]