ntp: multiple security issues

Related Vulnerabilities: CVE-2009-0159, CVE-2009-1252

Debian Bug report logs - #525373

Package: ntp; Maintainer for ntp is Debian NTP Team <ntp@packages.debian.org>; Source for ntp is src:ntp.

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Fri, 24 Apr 2009 03:19:31 UTC

Severity: grave

Tags: patch, security

Fixed in version ntp/1:4.2.4p6+dfsg-2

Done: Peter Eisentraut <petere@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>:
Bug#525373; Package ntp. (Fri, 24 Apr 2009 03:19:33 GMT)


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>. (Fri, 24 Apr 2009 03:19:46 GMT)


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-0159: buffer overflow in ntpq
Date: Fri, 24 Apr 2009 13:15:53 +1000
Package: ntp
Severity: important
Tags: patch, security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ntp.

CVE-2009-0159[0]:
| Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c
| in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute
| arbitrary code via a crafted response.

The upstream bug together with the patch can be found here[1]. The issue
can only be exploited by querying a malicious server and even then the
overflow is fairly limited.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
    http://security-tracker.debian.net/tracker/CVE-2009-0159
[1] https://support.ntp.org/bugs/show_bug.cgi?id=1144




Information forwarded to debian-bugs-dist@lists.debian.org, Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>:
Bug#525373; Package ntp. (Fri, 24 Apr 2009 07:06:02 GMT)


Acknowledgement sent to Peter Eisentraut <petere@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>. (Fri, 24 Apr 2009 07:06:02 GMT)


Message #10 received at 525373@bugs.debian.org:

From: Peter Eisentraut <petere@debian.org>
To: Steffen Joeris <steffen.joeris@skolelinux.de>, 525373@bugs.debian.org
Subject: Re: [pkg-ntp-maintainers] Bug#525373: CVE-2009-0159: buffer overflow in ntpq
Date: Fri, 24 Apr 2009 10:03:02 +0300

On Friday 24 April 2009 06:15:53 Steffen Joeris wrote:
> CVE-2009-0159[0]:
> | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c
> | in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute
> | arbitrary code via a crafted response.
>
> The upstream bug together with the patch can be found here[1]. The issue
> can only be exploited by querying a malicious server and even then the
> overflow is fairly limited.

For unstable, I suggest that we wait for the p7 upstream release, which 
appears to be not far away.  For stable and oldstable we need to do the 
security dance.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>:
Bug#525373; Package ntp. (Fri, 05 Jun 2009 18:39:04 GMT)


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>. (Fri, 05 Jun 2009 18:39:05 GMT)


Message #15 received at 525373@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: 525373@bugs.debian.org
Subject: also CVE-2009-1252: remote arbitrary code execution in ntpd
Date: Fri, 5 Jun 2009 20:37:34 +0200

retitle 525373 ntp: multiple security issues
severity 525373 grave
thanks

CVE-2009-1252:
Stack-based buffer overflow in the crypto_recv function in 
ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, 
when OpenSSL and autokey are enabled, allows remote attackers to 
execute arbitrary code via a crafted packet containing an extension 
field.






Changed Bug title to `ntp: multiple security issues' from `CVE-2009-0159: buffer overflow in ntpq'. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. (Sat, 06 Jun 2009 07:36:04 GMT)


Severity set to `grave' from `important'. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org. (Sat, 06 Jun 2009 07:36:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>:
Bug#525373; Package ntp. (Thu, 11 Jun 2009 13:42:04 GMT)


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>. (Thu, 11 Jun 2009 13:42:04 GMT)


Message #24 received at 525373@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: 525373@bugs.debian.org
Subject: security fix
Date: Thu, 11 Jun 2009 15:39:22 +0200

Hi,

is an upload expected soon? If not, I will NMU when I have time.

Cheers,
Stefan




Tags added: pending. Request was from Peter Eisentraut <petere@debian.org> to control@bugs.debian.org. (Fri, 12 Jun 2009 07:36:03 GMT)


Reply sent to Peter Eisentraut <petere@debian.org>:
You have taken responsibility. (Fri, 12 Jun 2009 15:55:53 GMT)


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Fri, 12 Jun 2009 15:56:17 GMT)


Message #31 received at 525373-close@bugs.debian.org:

From: Peter Eisentraut <petere@debian.org>
To: 525373-close@bugs.debian.org
Subject: Bug#525373: fixed in ntp 1:4.2.4p6+dfsg-2
Date: Fri, 12 Jun 2009 15:33:00 +0000

Source: ntp
Source-Version: 1:4.2.4p6+dfsg-2

We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive:

ntp-doc_4.2.4p6+dfsg-2_all.deb
  to pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-2_all.deb
ntp_4.2.4p6+dfsg-2.diff.gz
  to pool/main/n/ntp/ntp_4.2.4p6+dfsg-2.diff.gz
ntp_4.2.4p6+dfsg-2.dsc
  to pool/main/n/ntp/ntp_4.2.4p6+dfsg-2.dsc
ntp_4.2.4p6+dfsg-2_i386.deb
  to pool/main/n/ntp/ntp_4.2.4p6+dfsg-2_i386.deb
ntpdate_4.2.4p6+dfsg-2_i386.deb
  to pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 525373@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Eisentraut <petere@debian.org> (supplier of updated ntp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 12 Jun 2009 17:24:22 +0300
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source all i386
Version: 1:4.2.4p6+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>
Changed-By: Peter Eisentraut <petere@debian.org>
Description: 
 ntp        - Network Time Protocol daemon and utility programs
 ntp-doc    - Network Time Protocol documentation
 ntpdate    - client for setting system time from NTP servers
Closes: 524035 525373 525373 526086
Changes: 
 ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium
 .
   * Fixed typo in ntpdate man page (closes: #526086)
   * Updated standards version
   * Moved .dhcp version of configuration files to /var/lib/ntp and
     /var/lib/ntpdate (closes: #524035)
   * Cleaned up man pages to satisfy lintian's hyphen-used-as-minus-sign
     complaint
   * Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373)
   * Fixed stack buffer overflow in ntpd (CVE-2009-1252) (closes: #525373)
   * Use new status_of_proc function to report status in ntp init script
   * Updated the config.guess/sub handling as recommended by autotools-dev to
     not clutter the diff, added autotools-dev to build dependencies

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoyZgEACgkQTTx8oVVPtMb8QQCgujD+TFruchkwKBWkOHhAvxCz
4tkAoK9e9/GVy2E3iuoql0hU1C8AKZJz
=XNYo
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 Jul 2009 07:36:58 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:44:54 2019; Machine Name: beach
