diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-19:04.ntp.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-19:04.ntp.asc | 146 |
1 files changed, 0 insertions, 146 deletions
diff --git a/share/security/advisories/FreeBSD-SA-19:04.ntp.asc b/share/security/advisories/FreeBSD-SA-19:04.ntp.asc deleted file mode 100644 index de2dd01682..0000000000 --- a/share/security/advisories/FreeBSD-SA-19:04.ntp.asc +++ /dev/null @@ -1,146 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-19:04.ntp Security Advisory - The FreeBSD Project - -Topic: Authenticated denial of service in ntpd - -Category: contrib -Module: ntp -Announced: 2019-05-14 -Credits: Magnus Stubman -Affects: All supported versions of FreeBSD -Corrected: 2019-03-07 13:45:36 UTC (stable/12, 12.0-STABLE) - 2019-05-14 23:02:56 UTC (releng/12.0, 12.0-RELEASE-p4) - 2019-03-07 13:45:36 UTC (stable/11, 11.3-PRERELEASE) - 2019-05-14 23:06:26 UTC (releng/11.2, 11.2-RELEASE-p10) -CVE Name: CVE-2019-8936 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -The ntpd(8) daemon is an implementation of the Network Time Protocol -(NTP) used to synchronize the time of a computer system to a reference -time source. The ntpd(8) daemon uses a protocol called mode 6 to both get -status information from the running ntpd(8) daemon and configure it on the -fly. This protocol is typically used by the ntpq(8) program, among others. - -II. Problem Description - -A crafted malicious authenticated mode 6 packet from a permitted network -address can trigger a NULL pointer dereference. - -Note for this attack to work, the sending system must be on an address from -which the target ntpd(8) accepts mode 6 packets, and must use a private key -that is specifically listed as being used for mode 6 authorization. - -III. Impact - -The ntpd daemon can crash due to the NULL pointer dereference, causing a -denial of service. - -IV. Workaround - -Use 'restrict noquery' in the ntpd configuration to limit addresses that -can send mode 6 queries. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -2) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -Afterwards, restart the ntpd service: -# service ntpd restart - -3) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 12.0] -# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp.patch -# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp.patch.asc -# gpg --verify ntp.patch.asc - -[FreeBSD 11.2-RELEASE/11.3-PRERELEASE] -# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp-11.2.patch -# fetch https://security.FreeBSD.org/patches/SA-19:04/ntp-11.2.patch.asc -# gpg --verify ntp-11.2.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the operating system using buildworld and installworld as -described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. - -Restart the ntpd service, or reboot the system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/12/ r344884 -releng/12.0/ r347589 -stable/11/ r344884 -releng/11.2/ r347590 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#March_2019_ntp_4_2_8p13_NTP_Rele> - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc> ------BEGIN PGP SIGNATURE----- - -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrdfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD -MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cLGtw/8CNAYnLxARrMUK1QeC9sE7EaboYInSOgaunfK2Uw5tJk9b4GwWWjCSE0C -hSWg4a9xv3pks2ppfEJzRuy0eoYmiU0MYblnAnCwCmE2d3WYlExO7hZJa1iK3uPO -WvHre5q80kF8TJhS9rbph+6oyLaPun8f9PDIo4Oc2knTppNfrfzbB/HEuzP27KMp -gCXD/Nk/5tHbXjkIGamWCf9wgYuw/typYRV3W6sWDuPhug2sAvWk1TMo0cMJ4BHL -wL7Qh00rZ+nHWdk5GKFslga9gNjVPqD2DzRKCQO2bj4o+7ly2d+yk4jUpMKBq2r4 -eQcQQnk9xj60NQ5cHGprOv6xwulBYycugF57iouNAP241cvVf+XZd4b/GthJODgz -fhP0aquusmtkawida3ZWWIVCjkM5NmHQsY5VTQLvTudtemb3kdmRMy3dFDN7oyXZ -PqP6JJUqamxNHilxRVytNCZLiSuy1P2MnJamyLZIqcDiT6yvMVBqwuGdQrSTSKyu -g/sR+vUohuJrP2i3pCCEfGtH5Nfq6GpY6Swxec81wUoqReGVCGmSFSEaas21TFYf -ZzAEAhywveGegkhqvsGP9A1zrTs6ZTCRzun32MhSo4xH/YZaArMvRa6JiSWTA1fG -ctwXEwIBj0XNEWBsCPgVvaF9bglmQZ2Iqn4iOiHlRGT7KxgjT7w= -=o9t5 ------END PGP SIGNATURE----- |