summaryrefslogtreecommitdiffstats
path: root/contrib/ntp/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ntp/NEWS')
-rw-r--r--contrib/ntp/NEWS88
1 files changed, 88 insertions, 0 deletions
diff --git a/contrib/ntp/NEWS b/contrib/ntp/NEWS
index 6290fb5..729a91f 100644
--- a/contrib/ntp/NEWS
+++ b/contrib/ntp/NEWS
@@ -1,3 +1,91 @@
+NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)
+
+Focus: Security Fixes
+
+Severity: HIGH
+
+This release fixes the following high-severity vulnerability:
+
+* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
+
+ See http://support.ntp.org/security for more information.
+
+ NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
+ In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
+ transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
+ request or a mode 7 error response from an address which is not listed
+ in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
+ reply with a mode 7 error response (and log a message). In this case:
+
+ * If an attacker spoofs the source address of ntpd host A in a
+ mode 7 response packet sent to ntpd host B, both A and B will
+ continuously send each other error responses, for as long as
+ those packets get through.
+
+ * If an attacker spoofs an address of ntpd host A in a mode 7
+ response packet sent to ntpd host A, A will respond to itself
+ endlessly, consuming CPU and logging excessively.
+
+ Credit for finding this vulnerability goes to Robin Park and Dmitri
+ Vinokurov of Alcatel-Lucent.
+
+THIS IS A STRONGLY RECOMMENDED UPGRADE.
+
+---
+NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
+
+Focus: Security and Bug Fixes
+
+Severity: HIGH
+
+This release fixes the following high-severity vulnerability:
+
+* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
+
+ See http://support.ntp.org/security for more information.
+
+ If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
+ line) then a carefully crafted packet sent to the machine will cause
+ a buffer overflow and possible execution of injected code, running
+ with the privileges of the ntpd process (often root).
+
+ Credit for finding this vulnerability goes to Chris Ries of CMU.
+
+This release fixes the following low-severity vulnerabilities:
+
+* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
+ Credit for finding this vulnerability goes to Geoff Keating of Apple.
+
+* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
+ Credit for finding this issue goes to Dave Hart.
+
+This release fixes a number of bugs and adds some improvements:
+
+* Improved logging
+* Fix many compiler warnings
+* Many fixes and improvements for Windows
+* Adds support for AIX 6.1
+* Resolves some issues under MacOS X and Solaris
+
+THIS IS A STRONGLY RECOMMENDED UPGRADE.
+
+---
+NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
+
+Focus: Security Fix
+
+Severity: Low
+
+This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
+the OpenSSL library relating to the incorrect checking of the return
+value of EVP_VerifyFinal function.
+
+Credit for finding this issue goes to the Google Security Team for
+finding the original issue with OpenSSL, and to ocert.org for finding
+the problem in NTP and telling us about it.
+
+This is a recommended upgrade.
+---
NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)
Focus: Minor Bugfixes
OpenPOWER on IntegriCloud