Your message dated Tue, 08 Dec 2009 22:33:06 +0000
with message-id <[email protected]>
and subject line Bug#560074: fixed in ntp 1:4.2.4p8+dfsg-1
has caused the Debian Bug report #560074,
regarding ntp: CVE-2009-3563 DoS through mode 7 packets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
560074: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ntp
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ntp.
CVE-2009-3563[0]:
| The topology used includes two nodes running ntp and an attacker's PC:
|
| PC---> [node1 ntpd1]:11.0.0.1 --------11.0.0.2:[node2 ntpd2]
|
| PC sends one crafted UDP packet with one byte payload 0x17, i.e. NTP Request in
| mode 7.
| This UDP packet has spoofed source IP of 11.0.0.2, destination = 11.0.0.1,
| source port 123 and destination port 123.
| Node1 responds with mode 7 Error Response to Node2, and here comes something we
| cannot conceive. Ntpd2 responds back with the same mode 7 Error Response to
| Node1, Ntpd1 does again the same, etc. with the aggregate rate of few thousand
| pps. CPU is taken away on both sides, network is busy...
| Better yet, if we spoof the Node1's address 11.0.0.1 as a source, Node1 sends
| all these packets to itself all the time! Endless.
| Payload "97 00 00 00" (Response mode 7) works too.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Upstream has released 4.2.4p8 to fix this issue.
For further information see:
[0] https://support.ntp.org/bugs/show_bug.cgi?id=1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
http://security-tracker.debian.org/tracker/CVE-2009-3563
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
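The ping-pong described in the quoted CVE text, as an added simulation that is not part of the bug report, of ntpd's source, or of the Debian package: two in-memory "ntpd" nodes exchange mode 7 packets. The first byte of a mode 7 packet carries the response (R) bit, the more (M) bit, a 3-bit version and the 3-bit mode, which is why 0x17 is a mode 7 request and 0x97 a mode 7 response; the error code sits in the top four bits of the fifth and sixth bytes. The vulnerable handler answers every unserviceable mode 7 packet, responses included, with a mode 7 error response to the (spoofable) source, so one packet starts an unbounded exchange between the two nodes, or a node with itself. The fixed handler refuses to answer a packet whose R bit is set, which is how upstream closed bug 1331 in 4.2.4p8. The simplification that every mode 7 packet is unserviceable, the error code value 3 and the constant name ERR_FMT, the node addresses taken from the report, and the whole Node/simulate scaffolding are assumptions of this example.

```python
"""Toy model of the CVE-2009-3563 mode 7 error-response ping-pong.

Constructed example, not ntpd code: models only the path where a mode 7
packet cannot be served and triggers a mode 7 error response.
"""
import struct

MODE_PRIVATE = 7      # NTP mode 7: ntpd's private/control protocol
RESP_BIT = 0x80       # R bit in the first byte: this packet is a response
MORE_BIT = 0x40       # M bit in the first byte: more packets follow
ERR_FMT = 3           # error code for a malformed request (value assumed here)


def parse_rm_vn_mode(first_byte: int):
    """Split the first byte into (is_response, more, version, mode)."""
    return (bool(first_byte & RESP_BIT),
            bool(first_byte & MORE_BIT),
            (first_byte >> 3) & 0x7,
            first_byte & 0x7)


def build_mode7_request(version: int = 2, implementation: int = 0,
                        req_code: int = 0) -> bytes:
    """8-byte mode 7 request header: R=0, M=0, err=0, nitems=0, itemsize=0."""
    rm_vn_mode = (version << 3) | MODE_PRIVATE
    return struct.pack("!BBBBHH", rm_vn_mode, 0, implementation, req_code, 0, 0)


def build_mode7_error(version: int = 2, err: int = ERR_FMT) -> bytes:
    """8-byte mode 7 error response: R=1, error code in the top nibble of word 3."""
    rm_vn_mode = RESP_BIT | (version << 3) | MODE_PRIVATE
    return struct.pack("!BBBBHH", rm_vn_mode, 0, 0, 0, (err & 0xF) << 12, 0)


class Node:
    """One simulated ntpd. fixed=False answers every mode 7 packet; fixed=True
    drops mode 7 packets whose response bit is set (the 4.2.4p8 behaviour)."""

    def __init__(self, addr: str, fixed: bool):
        self.addr = addr
        self.fixed = fixed
        self.sent = 0     # error responses this node generated

    def handle(self, payload: bytes, src: str):
        """Return (dst, reply_payload) or None for a packet arriving from src."""
        if not payload:
            return None
        is_resp, _more, version, mode = parse_rm_vn_mode(payload[0])
        if mode != MODE_PRIVATE:
            return None
        if self.fixed and is_resp:
            return None   # never answer a response, so nothing can loop
        # Vulnerable path: the 1-byte packet and the error response are both
        # unserviceable, and each earns an error response to the claimed source.
        self.sent += 1
        return (src, build_mode7_error(version))


def simulate(nodes: dict, first_src: str, first_dst: str, payload: bytes,
             max_steps: int = 1000) -> int:
    """Inject one packet with a (spoofed) source and deliver replies until the
    exchange dies out or max_steps packets were generated. Returns the count
    of packets the nodes generated themselves."""
    queue = [(first_src, first_dst, payload)]
    generated = 0
    while queue and generated < max_steps:
        src, dst, data = queue.pop(0)
        node = nodes.get(dst)
        if node is None:
            continue
        reply = node.handle(data, src)
        if reply is None:
            continue
        generated += 1
        reply_dst, reply_data = reply
        queue.append((dst, reply_dst, reply_data))
    return generated


if __name__ == "__main__":
    addrs = ("11.0.0.1", "11.0.0.2")
    vuln = {a: Node(a, fixed=False) for a in addrs}
    fixed = {a: Node(a, fixed=True) for a in addrs}
    # One spoofed 0x17 from "11.0.0.2" to 11.0.0.1, capped at 1000 packets.
    print("vulnerable pair :", simulate(vuln, "11.0.0.2", "11.0.0.1", b"\x17"))
    print("fixed pair      :", simulate(fixed, "11.0.0.2", "11.0.0.1", b"\x17"))
    print("fixed, 97000000 :", simulate(fixed, "11.0.0.2", "11.0.0.1", b"\x97\x00\x00\x00"))
```

With the fix a spoofed request still draws exactly one error response to the spoofed address, so a server that exposes mode 7 remains a 1:1 reflector; the change only removes the self-sustaining exchange. Blocking or rate-limiting mode 7 (and, on port 123, any packet with the response bit set arriving from a peer's address) at the host firewall is the complementary control.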
--- Begin Message ---
Source: ntp
Source-Version: 1:4.2.4p8+dfsg-1
We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive:
ntp-doc_4.2.4p8+dfsg-1_all.deb
to main/n/ntp/ntp-doc_4.2.4p8+dfsg-1_all.deb
ntp_4.2.4p8+dfsg-1.debian.tar.gz
to main/n/ntp/ntp_4.2.4p8+dfsg-1.debian.tar.gz
ntp_4.2.4p8+dfsg-1.dsc
to main/n/ntp/ntp_4.2.4p8+dfsg-1.dsc
ntp_4.2.4p8+dfsg-1_amd64.deb
to main/n/ntp/ntp_4.2.4p8+dfsg-1_amd64.deb
ntp_4.2.4p8+dfsg.orig.tar.gz
to main/n/ntp/ntp_4.2.4p8+dfsg.orig.tar.gz
ntpdate_4.2.4p8+dfsg-1_amd64.deb
to main/n/ntp/ntpdate_4.2.4p8+dfsg-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated ntp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 08 Dec 2009 21:41:51 +0100
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source all amd64
Version: 1:4.2.4p8+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian NTP Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
ntp - Network Time Protocol daemon and utility programs
ntp-doc - Network Time Protocol documentation
ntpdate - client for setting system time from NTP servers
Closes: 560074
Changes:
ntp (1:4.2.4p8+dfsg-1) unstable; urgency=high
.
* New upstream release.
- Fixes DoS with mode 7 packets (CVE-2009-3563) (Closes: #560074)
Checksums-Sha1:
63a809bf16a46b79ed89637eaf9a549387b56c7b 2101 ntp_4.2.4p8+dfsg-1.dsc
505f5f0bb9543912ccce1ef2158dacfcae911879 2836606 ntp_4.2.4p8+dfsg.orig.tar.gz
2d248dd26dab8e1493f558115f35276390c6e7cc 409044 ntp_4.2.4p8+dfsg-1.debian.tar.gz
04be3d736e795771dc144553cea50b746c520876 930422 ntp-doc_4.2.4p8+dfsg-1_all.deb
81b8e894318e03bc2cd6f1c9720490bab170ccee 489264 ntp_4.2.4p8+dfsg-1_amd64.deb
d1011531ad267c5155e1bce3dc35d45f2548a2f9 64784 ntpdate_4.2.4p8+dfsg-1_amd64.deb
Checksums-Sha256:
22745c8174b0989272684fa1542d2869ef007aa4f8d62ea13624c5bf8e60989c 2101 ntp_4.2.4p8+dfsg-1.dsc
d2db861ef53a0b2d252e1ab5406fe12868cdfa7d8dcdbc37ed8f3a764df26208 2836606 ntp_4.2.4p8+dfsg.orig.tar.gz
95e2901fd1a5ad8b3747ae8d298828fa24368ed2af3397db6421a8abd2b2e8a0 409044 ntp_4.2.4p8+dfsg-1.debian.tar.gz
4f664a134ba8781152d7da3e0bd20afdcb264653c9e7d1fa9ae93e936b33c125 930422 ntp-doc_4.2.4p8+dfsg-1_all.deb
3ea19fb2d767f63ef1afa7c3de96afef6d084d4ff4e58c53bc92bb1ca2e55428 489264 ntp_4.2.4p8+dfsg-1_amd64.deb
aa44accf4e99143fa0097cebf9bcd04c4a10e19373ec28f68d826134f7ccca35 64784 ntpdate_4.2.4p8+dfsg-1_amd64.deb
Files:
3acc7db65e333294cd072cfa0f65caa5 2101 net optional ntp_4.2.4p8+dfsg-1.dsc
81081f690c264695c492b22475879fa5 2836606 net optional ntp_4.2.4p8+dfsg.orig.tar.gz
9679addbeec0306cae91cced258c6c46 409044 net optional ntp_4.2.4p8+dfsg-1.debian.tar.gz
1509be4c29c3cff1b78edeb845cb7bbf 930422 doc optional ntp-doc_4.2.4p8+dfsg-1_all.deb
7dee4d5261a2dc1aa6b992a8f519974c 489264 net optional ntp_4.2.4p8+dfsg-1_amd64.deb
aabaec4cc1b98f5441024a26352d5ef4 64784 net optional ntpdate_4.2.4p8+dfsg-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCgAGBQJLHtHeAAoJEGpMZM6DE7XwjCEQAKEOYY1UTwuYYRhC+RDGs33u
ePh0YojHUo8fUIg3j+0D4EBP9NcH7DCajVRdzx0iS1KD3IjiEqeGf0An9j27LjGg
5bSpGRBYsL98iIDd8G5HPfiOOBj5qF9ksfeTYDib/hyI1b5HrGPd3BgVHx13dlAn
bB0yuerd1UmpR7jNJVOYPwbr749r3kNUiXQV3gvs/X1Z2MYu/LIOg8VAi4h3nhGv
jpn+vDU9wJOf55JFsiBbyiOfnWDSQS6XvXmjkO3CHnZe4EqZpN+/12sDzGhWdF8H
OdHUCyFALZFEFYAYQyNm9vzQxvGAhSAwil9mPQ2EcS4Ud97BkkIz/tD2iSQCLmFV
xU8wwldSrdd1YLPoF/MLadXELTSIDu5VilWUsQS0cMS2IyduB4J1RXtV2BvuW7DI
0FTR/ia7DeB8Lemhq9PMunod8W+8RskURq5YLPeqrxa9MFQioAW3R5URLpaKIFh7
kpRDlAZtwBkNPl++D5z0p0BmCCLEbiCm+aftvQUUcdjODcXKu98X14TBEVY9wDQY
B+Oq0aL+m7kMzGvSYKpaD2J5k8U00xjkeq7u/De5u/0y31VuoLLi6LQDl5cBP4I6
4qpue3ZIGPt4v7SKFC4218Jslm9fjoNBWe2+zrEZ1WFPfslp7xpX32HmLb+9b5Qw
OaMFOySN9UJC+FO/11Ud
=yNmx
-----END PGP SIGNATURE-----
--- End Message ---