What month is 2014-14-22? I assume tgat you meant 2014-12-22. On Dec 23, 2014 3:35 PM, "FreeBSD Security Advisories" < security-advisor...@freebsd.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > ============================================================================= > FreeBSD-SA-14:31.ntp Security > Advisory > The FreeBSD > Project > > Topic: Multiple vulnerabilities in NTP suite > > Category: contrib > Module: ntp > Announced: 2014-12-23 > Affects: All supported versions of FreeBSD. > Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) > 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) > 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) > 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) > 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) > 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) > 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) > 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) > 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) > CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:https://security.FreeBSD.org/>. > > I. Background > > The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) > used to synchronize the time of a computer system to a reference time > source. > > II. Problem Description > > When no authentication key is set in the configuration file, ntpd(8) > would generate a random key that uses a non-linear additive feedback random > number generator seeded with very few bits of entropy. [CVE-2014-9293] > The ntp-keygen(8) utility is also affected by a similar issue. > [CVE-2014-9294] > > When Autokey Authentication is enabled, for example if ntp.conf(5) contains > a 'crypto pw' directive, a remote attacker can send a carefully > crafted packet that can overflow a stack buffer. [CVE-2014-9295] > > In ntp_proto.c, the receive() function is missing a return statement in > the case when an error is detected. [CVE-2014-9296] > > III. Impact > > The NTP protocol uses keys to implement authentication. The weak > seeding of the pseudo-random number generator makes it easier for an > attacker to brute-force keys, and thus may broadcast incorrect time stamps > or masquerade as another time server. [CVE-2014-9293, CVE-2014-9294] > > An attacker may be able to utilize the buffer overflow to crash the ntpd(8) > daemon or potentially run arbitrary code with the privileges of the ntpd(8) > process, which is typically root. [CVE-2014-9295] > > IV. Workaround > > No workaround is available, but systems not running ntpd(8) are not > affected. Because the issue may lead to remote root compromise, the > FreeBSD Security Team recommends system administrators to firewall NTP > ports, namely tcp/123 and udp/123 when it is not clear that all systems > have been patched or have ntpd(8) stopped. > > V. Solution > > NOTE WELL: It is advisable to regenerate all keys used for NTP > authentication, if configured. > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > 3) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch > # fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc > # gpg --verify ntp.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. > > Restart the ntpd(8) daemons, or reboot the system. > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/8/ r276073 > releng/8.4/ r276154 > stable/9/ r276073 > releng/9.1/ r276155 > releng/9.2/ r276156 > releng/9.3/ r276157 > stable/10/ r276072 > releng/10.0/ r276158 > releng/10.1/ r276159 > - ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> > > VII. References > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293> > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294> > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295> > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296> > > <URL:https://www.kb.cert.org/vuls/id/852879> > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-14:31.ntp.asc> > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJUmfSAAAoJEO1n7NZdz2rnV/IQAMeAuVbyKDMu3mec0ErpL5z8 > OcSxVxKWH9udDJQkpiw6OaU4ks7PGOH/PgAad0mIhWPflXtpUlWMQtUa54Ds4s/t > NjknM2vS4sBMZLk0Poqsts0TohfwdxF+CT8OCZARA2i3t70Ov0Y9BeoCatL2rnS+ > rPbhhlnQXrsAJDCKcjSrYw+37cDNEdcvk4UKhiKh76J6CXwn2cT6h1dXTMFyImWq > slTNlkJV6iFMNYn3oSA8nCVEJVMw2XQwVfg2qzkpZcuDGKE5fFpdvX3VcRP7b2cq > zwSClt29B7FF3EjrplRuEdgxDk8m9PjVbUz9tocLPIqV0RjhTA9j7MhNcWH5G3Dh > u6NQDsA0WzE8Ki2mrWpTEAFp21ZzSyXXtZ703XYiXbQKNG9lKEFv5Z8ffVHSrUT7 > uB2BsP+LrnnWNNdjkRSSSxrfy4CvFLsdQ9FI1FNz+oofEio6yPO+W47pBH//Nbj0 > wfeReW1OlbrtWF6NHZr4CfX+Lx9hu4CXXdXRWKdMDTYUywr0V6BiIsrNlN1z7XCy > 90+43twFhGBsOSVD5PpcDmt9oEYfpwWKdXO6dXClCo+mxAki/fgf5Y24cTT9DTQn > CKuVZuyaMi+HZ0jf2sKITQ03S8+Nrn7cZEXkIGScfT5z1Y8pcN+7bRhB1DpaCs0q > IIw6TjJXQm8DTMuBIwf3 > =oSCq > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-annou...@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-announce > To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org > " > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
