Date: Thu, 22 Dec 2016 17:50:21 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r429172 - head/security/vuxml Message-ID: <201612221750.uBMHoLvL059759@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Thu Dec 22 17:50:21 2016 New Revision: 429172 URL: https://svnweb.freebsd.org/changeset/ports/429172 Log: Document FreeBSD-SA-16:39.ntp Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Dec 22 17:38:19 2016 (r429171) +++ head/security/vuxml/vuln.xml Thu Dec 22 17:50:21 2016 (r429172) @@ -58,6 +58,105 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="fcedcdbb-c86e-11e6-b1cf-14dae9d210b8"> + <topic>FreeBSD -- Multiple vulnerabilities of ntp</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>11.0</ge><lt>11.0_6</lt></range> + <range><ge>10.3</ge><lt>10.3_15</lt></range> + <range><ge>10.2</ge><lt>10.2_28</lt></range> + <range><ge>10.1</ge><lt>10.1_45</lt></range> + <range><ge>9.3</ge><lt>9.3_53</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <h1>Problem Description:</h1> + <p>Multiple vulnerabilities have been discovered in the NTP + suite:</p> + <p>CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy + of Cisco ASIG.</p> + <p>CVE-2016-9310: Mode 6 unauthenticated trap information + disclosure and DDoS vector. Reported by Matthew Van Gundy + of Cisco ASIG.</p> + <p>CVE-2016-7427: Broadcast Mode Replay Prevention DoS. + Reported by Matthew Van Gundy of Cisco ASIG.</p> + <p>CVE-2016-7428: Broadcast Mode Poll Interval Enforcement + DoS. Reported by Matthew Van Gundy of Cisco ASIG.</p> + <p>CVE-2016-7431: Regression: 010-origin: Zero Origin + Timestamp Bypass. Reported by Sharon Goldberg and Aanchal + Malhotra of Boston University.</p> + <p>CVE-2016-7434: Null pointer dereference in + _IO_str_init_static_internal(). Reported by Magnus Stubman.</p> + <p>CVE-2016-7426: Client rate limiting and server responses. + Reported by Miroslav Lichvar of Red Hat.</p> + <p>CVE-2016-7433: Reboot sync calculation problem. Reported + independently by Brian Utterback of Oracle, and by Sharon + Goldberg and Aanchal Malhotra of Boston University.</p> + <h1>Impact:</h1> + <p>A remote attacker who can send a specially crafted packet + to cause a NULL pointer dereference that will crash ntpd, + resulting in a Denial of Service. [CVE-2016-9311]</p> + <p>An exploitable configuration modification vulnerability + exists in the control mode (mode 6) functionality of ntpd. + If, against long-standing BCP recommendations, "restrict + default noquery ..." is not specified, a specially crafted + control mode packet can set ntpd traps, providing information + disclosure and DDoS amplification, and unset ntpd traps, + disabling legitimate monitoring by an attacker from remote. + [CVE-2016-9310]</p> + <p>An attacker with access to the NTP broadcast domain can + periodically inject specially crafted broadcast mode NTP + packets into the broadcast domain which, while being logged + by ntpd, can cause ntpd to reject broadcast mode packets + from legitimate NTP broadcast servers. [CVE-2016-7427]</p> + <p>An attacker with access to the NTP broadcast domain can + send specially crafted broadcast mode NTP packets to the + broadcast domain which, while being logged by ntpd, will + cause ntpd to reject broadcast mode packets from legitimate + NTP broadcast servers. [CVE-2016-7428]</p> + <p>Origin timestamp problems were fixed in ntp 4.2.8p6. + However, subsequent timestamp validation checks introduced + a regression in the handling of some Zero origin timestamp + checks. [CVE-2016-7431]</p> + <p>If ntpd is configured to allow mrulist query requests + from a server that sends a crafted malicious packet, ntpd + will crash on receipt of that crafted malicious mrulist + query packet. [CVE-2016-7434]</p> + <p>An attacker who knows the sources (e.g., from an IPv4 + refid in server response) and knows the system is (mis)configured + in this way can periodically send packets with spoofed + source address to keep the rate limiting activated and + prevent ntpd from accepting valid responses from its sources. + [CVE-2016-7426]</p> + <p>Ntp Bug 2085 described a condition where the root delay + was included twice, causing the jitter value to be higher + than expected. Due to a misinterpretation of a small-print + variable in The Book, the fix for this problem was incorrect, + resulting in a root distance that did not include the peer + dispersion. The calculations and formulas have been reviewed + and reconciled, and the code has been updated accordingly. + [CVE-2016-7433]</p> + </body> + </description> + <references> + <cvename>CVE-2016-7426</cvename> + <cvename>CVE-2016-7427</cvename> + <cvename>CVE-2016-7428</cvename> + <cvename>CVE-2016-7431</cvename> + <cvename>CVE-2016-7433</cvename> + <cvename>CVE-2016-7434</cvename> + <cvename>CVE-2016-9310</cvename> + <cvename>CVE-2016-9311</cvename> + <freebsdsa>SA-16:39.ntp</freebsdsa> + </references> + <dates> + <discovery>2016-12-22</discovery> + <entry>2016-12-22</entry> + </dates> + </vuln> + <vuln vid="42880202-c81c-11e6-a9a5-b499baebfeaf"> <topic>cURL -- buffer overflow</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612221750.uBMHoLvL059759>