[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

Kevin Oberman rkoberman at gmail.com
Wed Dec 24 01:03:54 UTC 2014 

What month is 2014-14-22? I assume tgat you meant 2014-12-22.
On Dec 23, 2014 3:35 PM, "FreeBSD Security Advisories" <
security-advisories at freebsd.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
>
> =============================================================================
> FreeBSD-SA-14:31.ntp                                        Security
> Advisory
>                                                           The FreeBSD
> Project
>
> Topic:          Multiple vulnerabilities in NTP suite
>
> Category:       contrib
> Module:         ntp
> Announced:      2014-12-23
> Affects:        All supported versions of FreeBSD.
> Corrected:      2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)
>                 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
>                 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
>                 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)
>                 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
>                 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
>                 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
>                 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)
>                 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
> CVE Name:       CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:https://security.FreeBSD.org/>.
>
> I.   Background
>
> The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
> used to synchronize the time of a computer system to a reference time
> source.
>
> II.  Problem Description
>
> When no authentication key is set in the configuration file, ntpd(8)
> would generate a random key that uses a non-linear additive feedback random
> number generator seeded with very few bits of entropy.  [CVE-2014-9293]
> The ntp-keygen(8) utility is also affected by a similar issue.
> [CVE-2014-9294]
>
> When Autokey Authentication is enabled, for example if ntp.conf(5) contains
> a 'crypto pw' directive, a remote attacker can send a carefully
> crafted packet that can overflow a stack buffer.  [CVE-2014-9295]
>
> In ntp_proto.c, the receive() function is missing a return statement in
> the case when an error is detected.  [CVE-2014-9296]
>
> III. Impact
>
> The NTP protocol uses keys to implement authentication.  The weak
> seeding of the pseudo-random number generator makes it easier for an
> attacker to brute-force keys, and thus may broadcast incorrect time stamps
> or masquerade as another time server. [CVE-2014-9293, CVE-2014-9294]
>
> An attacker may be able to utilize the buffer overflow to crash the ntpd(8)
> daemon or potentially run arbitrary code with the privileges of the ntpd(8)
> process, which is typically root. [CVE-2014-9295]
>
> IV.  Workaround
>
> No workaround is available, but systems not running ntpd(8) are not
> affected.  Because the issue may lead to remote root compromise, the
> FreeBSD Security Team recommends system administrators to firewall NTP
> ports, namely tcp/123 and udp/123 when it is not clear that all systems
> have been patched or have ntpd(8) stopped.
>
> V.   Solution
>
> NOTE WELL: It is advisable to regenerate all keys used for NTP
> authentication, if configured.
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
>
> 2) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> 3) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch
> # fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc
> # gpg --verify ntp.patch.asc
>
> b) Apply the patch.  Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile the operating system using buildworld and installworld as
> described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
>
> Restart the ntpd(8) daemons, or reboot the system.
>
> VI.  Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path                                                      Revision
> - -------------------------------------------------------------------------
> stable/8/                                                         r276073
> releng/8.4/                                                       r276154
> stable/9/                                                         r276073
> releng/9.1/                                                       r276155
> releng/9.2/                                                       r276156
> releng/9.3/                                                       r276157
> stable/10/                                                        r276072
> releng/10.0/                                                      r276158
> releng/10.1/                                                      r276159
> - -------------------------------------------------------------------------
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
> <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
>
> VII. References
>
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293>
>
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294>
>
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295>
>
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296>
>
> <URL:https://www.kb.cert.org/vuls/id/852879>
>
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-14:31.ntp.asc>
> -----BEGIN PGP SIGNATURE-----
>
> iQIcBAEBCgAGBQJUmfSAAAoJEO1n7NZdz2rnV/IQAMeAuVbyKDMu3mec0ErpL5z8
> OcSxVxKWH9udDJQkpiw6OaU4ks7PGOH/PgAad0mIhWPflXtpUlWMQtUa54Ds4s/t
> NjknM2vS4sBMZLk0Poqsts0TohfwdxF+CT8OCZARA2i3t70Ov0Y9BeoCatL2rnS+
> rPbhhlnQXrsAJDCKcjSrYw+37cDNEdcvk4UKhiKh76J6CXwn2cT6h1dXTMFyImWq
> slTNlkJV6iFMNYn3oSA8nCVEJVMw2XQwVfg2qzkpZcuDGKE5fFpdvX3VcRP7b2cq
> zwSClt29B7FF3EjrplRuEdgxDk8m9PjVbUz9tocLPIqV0RjhTA9j7MhNcWH5G3Dh
> u6NQDsA0WzE8Ki2mrWpTEAFp21ZzSyXXtZ703XYiXbQKNG9lKEFv5Z8ffVHSrUT7
> uB2BsP+LrnnWNNdjkRSSSxrfy4CvFLsdQ9FI1FNz+oofEio6yPO+W47pBH//Nbj0
> wfeReW1OlbrtWF6NHZr4CfX+Lx9hu4CXXdXRWKdMDTYUywr0V6BiIsrNlN1z7XCy
> 90+43twFhGBsOSVD5PpcDmt9oEYfpwWKdXO6dXClCo+mxAki/fgf5Y24cTT9DTQn
> CKuVZuyaMi+HZ0jf2sKITQ03S8+Nrn7cZEXkIGScfT5z1Y8pcN+7bRhB1DpaCs0q
> IIw6TjJXQm8DTMuBIwf3
> =oSCq
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to "freebsd-announce-unsubscribe at freebsd.org
> "
>

More information about the freebsd-security mailing list