Gentoo Archives: gentoo-announce

From: Alex Legler <a3li@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200905-08 ] NTP: Remote execution of arbitrary code
Date: Tue, 26 May 2009 16:10:37
Message-Id: 1243353980.4227.48.camel@localhost
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200905-08
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: NTP: Remote execution of arbitrary code
9 Date: May 26, 2009
10 Bugs: #263033, #268962
11 ID: 200905-08
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple errors in the NTP client and server programs might allow for
19 the remote execution of arbitrary code.
20
21 Background
22 ==========
23
24 NTP contains the client and daemon implementations for the Network Time
25 Protocol.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 net-misc/ntp < 4.2.4_p7 >= 4.2.4_p7
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been found in the programs included in
39 the NTP package:
40
41 * Apple Product Security reported a boundary error in the
42 cookedprint() function in ntpq/ntpq.c, possibly leading to a
43 stack-based buffer overflow (CVE-2009-0159).
44
45 * Chris Ries of CMU reported a boundary error within the
46 crypto_recv() function in ntpd/ntp_crypto.c, possibly leading to a
47 stack-based buffer overflow (CVE-2009-1252).
48
49 Impact
50 ======
51
52 A remote attacker might send a specially crafted package to a machine
53 running ntpd, possibly resulting in the remote execution of arbitrary
54 code with the privileges of the user running the daemon, or a Denial of
55 Service. NOTE: Successful exploitation requires the "autokey" feature
56 to be enabled. This feature is only available if NTP was built with the
57 'ssl' USE flag.
58
59 Furthermore, a remote attacker could entice a user into connecting to a
60 malicious server using ntpq, possibly resulting in the remote execution
61 of arbitrary code with the privileges of the user running the
62 application, or a Denial of Service.
63
64 Workaround
65 ==========
66
67 You can protect against CVE-2009-1252 by disabling the 'ssl' USE flag
68 and recompiling NTP.
69
70 Resolution
71 ==========
72
73 All NTP users should upgrade to the latest version:
74
75 # emerge --sync
76 # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7"
77
78 References
79 ==========
80
81 [ 1 ] CVE-2009-0159
82 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
83 [ 2 ] CVE-2009-1252
84 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
85
86 Availability
87 ============
88
89 This GLSA and any updates to it are available for viewing at
90 the Gentoo Security Website:
91
92 http://security.gentoo.org/glsa/glsa-200905-08.xml
93
94 Concerns?
95 =========
96
97 Security is a primary focus of Gentoo Linux and ensuring the
98 confidentiality and security of our users machines is of utmost
99 importance to us. Any security concerns should be addressed to
100 security@g.o or alternatively, you may file a bug at
101 http://bugs.gentoo.org.
102
103 License
104 =======
105
106 Copyright 2009 Gentoo Foundation, Inc; referenced text
107 belongs to its owner(s).
108
109 The contents of this document are licensed under the
110 Creative Commons - Attribution / Share Alike license.
111
112 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature