From owner-freebsd-security@FreeBSD.ORG Mon Dec 22 10:25:25 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8676D80B for ; Mon, 22 Dec 2014 10:25:25 +0000 (UTC) Received: from mail2.mbox.lu (mail.mbox.lu [85.93.212.24]) by mx1.freebsd.org (Postfix) with ESMTP id 1776164CE2 for ; Mon, 22 Dec 2014 10:25:24 +0000 (UTC) Received: from mail2.mbox.lu (localhost [127.0.0.1]) by mail2.mbox.lu (Postfix) with ESMTP id 22DD832516; Mon, 22 Dec 2014 11:25:31 +0100 (CET) Received: from [172.16.100.79] (unknown [178.254.69.231]) by mail2.mbox.lu (Postfix) with ESMTPSA id ED2C032457; Mon, 22 Dec 2014 11:25:30 +0100 (CET) Subject: Re: ntpd vulnerabilities Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Content-Type: multipart/signed; boundary="Apple-Mail=_9D20F298-84D9-431C-93D2-99D16C17A22C"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Pgp-Agent: GPGMail 2.5b3 From: Steve Clement In-Reply-To: Date: Mon, 22 Dec 2014 11:25:22 +0100 Message-Id: References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> To: Winfried Neessen X-Mailer: Apple Mail (2.1993) X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Dec 2014 10:25:25 -0000 --Apple-Mail=_9D20F298-84D9-431C-93D2-99D16C17A22C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Chances are good it is vulnerable: = https://svnweb.freebsd.org/base/release/10.0.0/contrib/ntp/ntpd/ntpd.c?vie= w=3Dlog = = https://svnweb.freebsd.org/base/release/10.1.0/contrib/ntp/ntpd/ntpd.c?vie= w=3Dlog = Regarding the diff: diff -ru ntp-dev-4.2.7p486-RC ntp-4.2.8 |wc -l 7723 Cherry picking the patches is easier. ntpd source trees: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ = Luckily that is still up=E2=80=A6 atm ntp.org is down. Here is the cached version of the notice: = http://webcache.googleusercontent.com/search?q=3Dcache:support.ntp.org/bin= /view/Main/SecurityNotice -- Steve Clement https://www.twitter.com/SteveClement mailto:steve@localhost.lu .lu: +352 20 333 55 65 > On 22 Dec 2014, at 11:06, Steve Clement wrote: >=20 > If someone could share a diff between ntpd 4.2.7 and 4.2.8 would be a = good start. --Apple-Mail=_9D20F298-84D9-431C-93D2-99D16C17A22C Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJUl/GSAAoJEGmiD1Cb5K7pyioP/14RmKs/f3Ywu6AblXUjMgXU mZy+RId2eq5xQ+6mVieE1xK+8a5aKwkixekUBX5kB99acvIHfU36J2KIIs6BkuZa 7RAq5XAC8h2TmJVCXsSmhFxKBKdvDfp0lhXvdgPt59BCLxDPTdUDUAyWl29Zodai pdJU2PR/Nb/f45WQVo22bHF890I5vgCnMiSjhGytrPNcm4p1Hilr8UeG5cDPZtNA JjrXmCD8rNJh9IYFGVxtvl3EpqQ2SDSJOiYPTAR9PjPOOvQM8U8w4ZlpsxEv8eRA +94tfqs1UxJgF69hV36zMw8sICWhehD0TgZsYbUoOYf2YZeO0AguUJOg9eNXZa+F y3BxLMpZU0TkWTtKZ3wtu3xwrs5rm2o2USHqWt10AFIm26D1UkkgE1TodfmY+1xB 4DKzJpXnCF3dcf2K8+cSgho8llpFGDGu+J07CFR8c6kN8qdVX1zsYj7MtVBZnipH mC8pHxkSP8P4Xznc0lhWyX8II1/5y9kXwFOEDMJNDeXfCRSuIdHtPoF9KAhZZy4K MVIxmShz7WRCG5DU+Mo2lWTqX1ChYnE88m7gad79zQfiIzKdNaKTVvwcYLCzVh31 BX9GvOU2Alu8uI2H5yNpWMeMNSWVugtwXO2f3QzCUOsYl7nec1HCIEQFsK/Uwe5V 0JNSp6YFiSpNzwcWlDbf =R5sA -----END PGP SIGNATURE----- --Apple-Mail=_9D20F298-84D9-431C-93D2-99D16C17A22C--