author | roberto <roberto@FreeBSD.org> | 2009-12-15 14:58:10 +0000 |
---|---|---|
committer | roberto <roberto@FreeBSD.org> | 2009-12-15 14:58:10 +0000 |
commit | 230e76b5380d386df4ba9fee065378a39a10e8b5 (patch) | |
tree | 2928c8428ba1c1401c7dcd5d3c3c610fbb90b794 /contrib/ntp/NEWS | |
parent | 2bc44b96096e82af8f7720c1883039f28c130aa0 (diff) | |
parent | ecc42837d301a8d8e257020b30492277ad558d30 (diff) | |
download | FreeBSD-src-230e76b5380d386df4ba9fee065378a39a10e8b5.zip FreeBSD-src-230e76b5380d386df4ba9fee065378a39a10e8b5.tar.gz |
Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.
MFC after: 2 weeks
Security: CVE-2009-3563
Diffstat (limited to 'contrib/ntp/NEWS')
-rw-r--r-- | contrib/ntp/NEWS | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/contrib/ntp/NEWS b/contrib/ntp/NEWS index 6290fb5..729a91f 100644 --- a/contrib/ntp/NEWS +++ b/contrib/ntp/NEWS 
@@ -1,3 +1,91 @@ +NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08) + +Focus: Security Fixes + +Severity: HIGH + +This release fixes the following high-severity vulnerability: + +* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563. + + See http://support.ntp.org/security for more information. + + NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. + In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time + transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 + request or a mode 7 error response from an address which is not listed + in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will + reply with a mode 7 error response (and log a message). In this case: + + * If an attacker spoofs the source address of ntpd host A in a + mode 7 response packet sent to ntpd host B, both A and B will + continuously send each other error responses, for as long as + those packets get through. + + * If an attacker spoofs an address of ntpd host A in a mode 7 + response packet sent to ntpd host A, A will respond to itself + endlessly, consuming CPU and logging excessively. + + Credit for finding this vulnerability goes to Robin Park and Dmitri + Vinokurov of Alcatel-Lucent. + +THIS IS A STRONGLY RECOMMENDED UPGRADE. + +--- +NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04) + +Focus: Security and Bug Fixes + +Severity: HIGH + +This release fixes the following high-severity vulnerability: + +* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252 + + See http://support.ntp.org/security for more information. + + If autokey is enabled (if ntp.conf contains a "crypto pw whatever" + line) then a carefully crafted packet sent to the machine will cause + a buffer overflow and possible execution of injected code, running + with the privileges of the ntpd process (often root). + + Credit for finding this vulnerability goes to Chris Ries of CMU. 
+ +This release fixes the following low-severity vulnerabilities: + +* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159 + Credit for finding this vulnerability goes to Geoff Keating of Apple. + +* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows + Credit for finding this issue goes to Dave Hart. + +This release fixes a number of bugs and adds some improvements: + +* Improved logging +* Fix many compiler warnings +* Many fixes and improvements for Windows +* Adds support for AIX 6.1 +* Resolves some issues under MacOS X and Solaris + +THIS IS A STRONGLY RECOMMENDED UPGRADE. + +--- +NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07) + +Focus: Security Fix + +Severity: Low + +This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting +the OpenSSL library relating to the incorrect checking of the return +value of EVP_VerifyFinal function. + +Credit for finding this issue goes to the Google Security Team for +finding the original issue with OpenSSL, and to ocert.org for finding +the problem in NTP and telling us about it. + +This is a recommended upgrade. +--- NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17) Focus: Minor Bugfixes |
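Review bot: The commit message's Security: line names only CVE-2009-3563, yet the trailing context line of this hunk shows the previous top NEWS entry was 4.2.4p5, and the added 4.2.4p7 and 4.2.4p6 entries carry CVE-2009-1252, CVE-2009-0159 and CVE-2009-0021. If those fixes first reach contrib/ntp through this merge rather than through earlier separate patches, list them on the Security: line as well so the MFC is tracked against all four; if they were already patched in the tree, one sentence saying so in the commit message would stop readers from assuming the tree was exposed until now. Separately, the 4.2.4p8 entry says ntpd sends the mode 7 error response only to addresses not covered by a "restrict ... noquery" or "restrict ... ignore" statement; given "MFC after: 2 weeks", it is worth pointing at that wording in the commit message as the interim configuration check for stable branches that will not have the fix yet.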