Add SA-16:24.ntp.
This commit is contained in:
parent
2d1a634039
commit
97d46c0b16
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=48891
4 changed files with 11783 additions and 0 deletions
172
share/security/advisories/FreeBSD-SA-16:24.ntp.asc
Normal file
172
share/security/advisories/FreeBSD-SA-16:24.ntp.asc
Normal file
|
@ -0,0 +1,172 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-16:24.ntp Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Multiple vulnerabilities of ntp
|
||||
|
||||
Category: contrib
|
||||
Module: ntp
|
||||
Announced: 2016-06-04
|
||||
Credits: Network Time Foundation and various contributors listed below
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2016-06-03 08:59:21 UTC (stable/10, 10.3-STABLE)
|
||||
2016-06-04 05:46:52 UTC (releng/10.3, 10.3-RELEASE-p5)
|
||||
2016-06-04 05:46:52 UTC (releng/10.2, 10.2-RELEASE-p19)
|
||||
2016-06-04 05:46:52 UTC (releng/10.1, 10.1-RELEASE-p36)
|
||||
2016-06-03 09:03:10 UTC (stable/9, 9.3-STABLE)
|
||||
2016-06-04 05:46:52 UTC (releng/9.3, 9.3-RELEASE-p44)
|
||||
CVE Name: CVE-2016-4957, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955
|
||||
CVE-2016-4956
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
|
||||
used to synchronize the time of a computer system to a reference time
|
||||
source.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
Multiple vulnerabilities have been discovered in the NTP suite:
|
||||
|
||||
The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to
|
||||
crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco]
|
||||
|
||||
An attacker who knows the origin timestamp and can send a spoofed packet
|
||||
containing a CRYPTO-NAK to an ephemeral peer target before any other
|
||||
response is sent can demobilize that association. [CVE-2016-4953, Reported by
|
||||
Miroslav Lichvar of Red Hat]
|
||||
|
||||
An attacker who is able to spoof packets with correct origin timestamps
|
||||
from enough servers before the expected response packets arrive at the
|
||||
target machine can affect some peer variables and, for example,
|
||||
cause a false leap indication to be set. [CVE-2016-4954, Reported by
|
||||
Jakub Prokes of Red Hat]
|
||||
|
||||
An attacker who is able to spoof a packet with a correct origin timestamp
|
||||
before the expected response packet arrives at the target machine can
|
||||
send a CRYPTO_NAK or a bad MAC and cause the association's peer variables
|
||||
to be cleared. If this can be done often enough, it will prevent that
|
||||
association from working. [CVE-2016-4955, Reported by Miroslav Lichvar
|
||||
of Red Hat]
|
||||
|
||||
The fix for NtpBug2978 does not cover broadcast associations, so broadcast
|
||||
clients can be triggered to flip into interleave mode. [CVE-2016-4956,
|
||||
Reported by Miroslav Lichvar of Red Hat.]
|
||||
|
||||
III. Impact
|
||||
|
||||
Malicious remote attackers may be able to break time synchronization,
|
||||
or cause the ntpd(8) daemon to crash.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but systems not running ntpd(8) are not
|
||||
affected. Network administrators are advised to implement BCP-38,
|
||||
which helps to reduce the risk associated with the attacks.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date.
|
||||
|
||||
The ntpd service has to be restarted after the update. A reboot is
|
||||
recommended but not required.
|
||||
|
||||
2) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
The ntpd service has to be restarted after the update. A reboot is
|
||||
recommended but not required.
|
||||
|
||||
3) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/SA-16:24/ntp.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-16:24/ntp.patch.asc
|
||||
# gpg --verify ntp.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
Restart the applicable daemons, or reboot the system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/9/ r301257
|
||||
releng/9.3/ r301301
|
||||
stable/10/ r301256
|
||||
releng/10.1/ r301301
|
||||
releng/10.2/ r301301
|
||||
releng/10.3/ r301301
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957>
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953>
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954>
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955>
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.12 (FreeBSD)
|
||||
|
||||
iQIcBAEBCgAGBQJXUnRyAAoJEO1n7NZdz2rncMMQAIB69xMkhWqoZ+0R2R6MOPAI
|
||||
UWIEPN4fLktiz4oIKP/C/xTsJdonC6+GCKbEb4h+deUOEYPaK5L1RsjvzwjqDKvI
|
||||
9THtZUBoEcifALOiO1Mkum+1ntCkF+7EK2EXSuF2/wYga/ekVkCPZqLxmUEbL/KG
|
||||
HEa4VCnMv0euAxEbtzix6efNTZV/9O0uUmYlU0wt8WF+YL+p15CyhBIc5YZISpWA
|
||||
izugcLKU8xriFMOiyOIttnIS1pAKERu0Fh9EqlkfFhcmJXl18Oxn10L0qH6uEx/C
|
||||
Rs11KzyJSuOpBl7x5NZi9jsTzlZlI6zqJ9b6Dlj2A8k82oz5p3VUf+CDyDlMZxHo
|
||||
2PsRPGdYJA98w/dUFucZozt1J4K05dWOnd6oED1bY8bFEb+IhRYYOil/wqiNBJFw
|
||||
Q9B6jB18Olp4PxxMZVX5kXz4j3tzqlt80wY9S/pVOIGjKcbxIHqhB5CFt1UJfsUw
|
||||
BGzJTpYYBvqdS0e3ozO+4QyHBlm4Ure4JFlrb/kBXgLvnBcTfn5e2NMJKhMSvC0B
|
||||
O5Ma1D7E2eYxxHgpUFTJYo+qNrfWsQHPClxOMVXbxUrz/iheEvTaed7tyHtMI5nz
|
||||
vloTNWf4WNWnxYv5meOOSj2lXX5dxT+XpEA+1kmOWdWvOx8nmOWrOUYN6hM191jD
|
||||
e3hZ2X6TAfHd5LIHtb2C
|
||||
=ttlK
|
||||
-----END PGP SIGNATURE-----
|
11582
share/security/patches/SA-16:24/ntp.patch
Normal file
11582
share/security/patches/SA-16:24/ntp.patch
Normal file
File diff suppressed because it is too large
Load diff
17
share/security/patches/SA-16:24/ntp.patch.asc
Normal file
17
share/security/patches/SA-16:24/ntp.patch.asc
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.1.12 (FreeBSD)
|
||||
|
||||
iQIcBAABCgAGBQJXUnR+AAoJEO1n7NZdz2rnpJQQALCc5yADJD7gnsBv2Nl9H+3V
|
||||
FGVMJa3lySYZyOrWguc/Gmb+lXcVOYehyoNf/Pya36Jgd+sWCVP+uuLJkcJqrFm7
|
||||
x/vUGx8lBzhltgJ3XKhMEz7d0Mw5Q8TC8yu0yuAWslZSXtaUjLCaKA/cGXtQUP2k
|
||||
0lAmq7VCygj9sw5zDOgatOH0b3H+KgIV6G8SGcKoXkRm6aQk4msGLM3m7Lff3Vlx
|
||||
g8Emoud8Tf94dPYUYSVJjC8O7v6W5Ha5hNID/wC0cQpUZm2PZTNAXVaEiBR8kZO4
|
||||
eYbeQBNTxGFsh9bwd1VbDM16yCWh5Q6vpQ3aJsXqQdFO7QU4I+L4wIUCr3UM+6tJ
|
||||
EirkjDdm9MnRmf38lJrOrqvDojKkUz3iQRcGcZ4r0pkpKwoFTflz3VYjWIbrrY7I
|
||||
7Fku4P/8PzEFP2v7BBAqBQZwRkMPucErfuUP5uvyR7usMTCuKb7i3GTKbb2oHKb+
|
||||
dzbVShycttvQ1gVFARIFmV4dcqRatEbpGPFOvrZASadIQkKxGuUC3Y9D2fE4WtPx
|
||||
reqkt9UQ63/l3w+7IqA7bvFEZKLWOnCTaJxsJtfST5amtIgPWj4KnzsBnki4iPcZ
|
||||
vo25aFqenR+7+L1igASnJNvu1lMFBC76LuII9m6YPszb6xn8gHgsQ+tg3h9XlC7l
|
||||
PKj7EPnKrec/XlgN0OJA
|
||||
=iq0r
|
||||
-----END PGP SIGNATURE-----
|
|
@ -7,6 +7,18 @@
|
|||
<year>
|
||||
<name>2016</name>
|
||||
|
||||
<month>
|
||||
<name>6</name>
|
||||
|
||||
<day>
|
||||
<name>4</name>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-16:24.ntp</name>
|
||||
</advisory>
|
||||
</day>
|
||||
</month>
|
||||
|
||||
<month>
|
||||
<name>5</name>
|
||||
|
||||
|
|
Loading…
Reference in a new issue