From owner-freebsd-security@FreeBSD.ORG Thu Jan 7 08:58:46 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4021E1065672 for ; Thu, 7 Jan 2010 08:58:46 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.210.172]) by mx1.freebsd.org (Postfix) with ESMTP id D18318FC25 for ; Thu, 7 Jan 2010 08:58:45 +0000 (UTC) Received: by yxe2 with SMTP id 2so3445117yxe.7 for ; Thu, 07 Jan 2010 00:58:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:date:from:to:cc :subject:in-reply-to:message-id:references:user-agent :x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; bh=iN56U+z/Ze9iuOr1wg43p3KL7TWo9Erq7CgJfyceLKk=; b=Fyqw3Mo/yoN5SNurZNovffV4H+S2lC7p6OlAU+0Ka5+Ox5Uk/KGRzMatWY7ZPVXzsI vCCDlvGKxnDZuSCpcDtq1o82e/uGyfsYD54CIG2YncBNtkHR7s+pXDvrdcp44Dz03hwl FZl/ej7ZEM9iy8Yy8TvjY2fddYGhWoOjd8YCE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; b=VG5J7LCpPYDFpRtMgiGPY2GzySiXy1vGEXt1BaJZlrARDxQcuFLnCPUJI6BVh8X/aZ nSy8gxcRGma2u8Fy6Z5SQyTjA/cBt2UT2vHGZLPwdVVY4lk3hOgHxNy4DgWTu/SZP9xa T1t7FAPthh91MiwLIO+OiJMK0Ym1ai5IVdUGU= Received: by 10.150.240.13 with SMTP id n13mr2494847ybh.227.1262854720643; Thu, 07 Jan 2010 00:58:40 -0800 (PST) Received: from centel.ttyphoid.local (ppp-21.170.dialinfree.com [209.172.21.170]) by mx.google.com with ESMTPS id 20sm20314390iwn.13.2010.01.07.00.58.30 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 07 Jan 2010 00:58:39 -0800 (PST) Sender: "J. Hellenthal" Date: Thu, 7 Jan 2010 03:58:20 -0500 From: jhell To: FreeBSD Security In-Reply-To: <201001062255.o06Mta8a089129@freefall.freebsd.org> Message-ID: References: <201001062255.o06Mta8a089129@freefall.freebsd.org> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-Id: 0x89D8547E X-OpenPGP-Key-Fingerprint: 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: FreeBSD Security Advisories Subject: Re: FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jan 2010 08:58:46 -0000 With the directions in this message you will receive the following error: make: don't know how to make /usr/obj/usr/src/usr.sbin/ntp/ntpd/../libparse/libparse.a. Stop Should state (minimal) # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.sbin/ntp # make obj && make depend && make && make install # /etc/rc.d/ntpd restart Please note this for next time. This is the second time I have counted that this has been overlooked. On Wed, 6 Jan 2010 17:55, security-advisories@ wrote: > ---------------------------- PGP Command Output ---------------------------- > gpg: Signature made Wed Jan 6 17:32:00 2010 EST using DSA key ID CA6CDFB2 > gpg: Good signature from "FreeBSD Security Officer " > ----------- Begin PGP Signed Message Verified 2010-01-07 03:50:19 ---------- > > ============================================================================= > FreeBSD-SA-10:02.ntpd Security Advisory > The FreeBSD Project > > Topic: ntpd mode 7 denial of service > > Category: contrib > Module: ntpd > Announced: 2010-01-06 > Affects: All supported versions of FreeBSD. > Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE) > 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) > 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) > 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) > 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) > 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) > 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) > 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) > CVE Name: CVE-2009-3563 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) > used to synchronize the time of a computer system to a reference time > source. > > II. Problem Description > > If ntpd receives a mode 7 (MODE_PRIVATE) request or error response > from a source address not listed in either a 'restrict ... noquery' > or a 'restrict ... ignore' section it will log the even and send > a mode 7 error response. > > III. Impact > > If an attacker can spoof such a packet from a source IP of an affected > ntpd to the same or a different affected ntpd, the host(s) will endlessly > send error responses to each other and log each event, consuming network > bandwidth, CPU and possibly disk space. > > IV. Workaround > > Proper filtering of mode 7 NTP packets by a firewall can limit the > number of systems used to attack your resources. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, > or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or > RELENG_6_3 security branch dated after the correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to FreeBSD 6.3, 6.4, > 7.1, 7.2, and 8.0 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch > # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > # cd /usr/src/usr.sbin/ntp/ntpd > # make obj && make depend && make && make install > # /etc/rc.d/ntpd restart > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > CVS: > > Branch Revision > Path > ------------------------------------------------------------------------- > RELENG_6 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2 > RELENG_6_4 > src/UPDATING 1.416.2.40.2.13 > src/sys/conf/newvers.sh 1.69.2.18.2.15 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1 > RELENG_6_3 > src/UPDATING 1.416.2.37.2.20 > src/sys/conf/newvers.sh 1.69.2.15.2.19 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1 > RELENG_7 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2 > RELENG_7_2 > src/UPDATING 1.507.2.23.2.9 > src/sys/conf/newvers.sh 1.72.2.11.2.10 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1 > RELENG_7_1 > src/UPDATING 1.507.2.13.2.13 > src/sys/conf/newvers.sh 1.72.2.9.2.14 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1 > RELENG_8 > src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1 > RELENG_8_0 > src/UPDATING 1.632.2.7.2.5 > src/sys/conf/newvers.sh 1.83.2.6.2.5 > src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1 > ------------------------------------------------------------------------- > > Subversion: > > Branch/path Revision > ------------------------------------------------------------------------- > stable/6/ r201679 > releng/6.4/ r201679 > releng/6.3/ r201679 > stable/7/ r201679 > releng/7.2/ r201679 > releng/7.1/ r201679 > stable/8/ r201679 > releng/8.0/ r201679 > head/ r200576 > ------------------------------------------------------------------------- > > VII. References > > http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode > https://support.ntp.org/bugs/show_bug.cgi?id=1331 > http://www.kb.cert.org/vuls/id/568372 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-10:02.ntpd.asc > > ------------ End PGP Signed Message Verified 2010-01-07 03:50:19 ----------- > -- Thu Jan 7 03:50:18 2010 jhell