Date: Thu, 7 Jan 2010 03:58:20 -0500 From: jhell <jhell@DataIX.net> To: FreeBSD Security <freebsd-security@freebsd.org> Cc: FreeBSD Security Advisories <security-advisories@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd Message-ID: <alpine.BSF.2.00.1001070350180.1722@pragry.gglcubvq.ybpny> In-Reply-To: <201001062255.o06Mta8a089129@freefall.freebsd.org> References: <201001062255.o06Mta8a089129@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
With the directions in this message you will receive the following error: make: don't know how to make /usr/obj/usr/src/usr.sbin/ntp/ntpd/../libparse/libparse.a. Stop Should state (minimal) # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.sbin/ntp # make obj && make depend && make && make install # /etc/rc.d/ntpd restart Please note this for next time. This is the second time I have counted that this has been overlooked. On Wed, 6 Jan 2010 17:55, security-advisories@ wrote: > ---------------------------- PGP Command Output ---------------------------- > gpg: Signature made Wed Jan 6 17:32:00 2010 EST using DSA key ID CA6CDFB2 > gpg: Good signature from "FreeBSD Security Officer <security-officer@FreeBSD.org>" > ----------- Begin PGP Signed Message Verified 2010-01-07 03:50:19 ---------- > > ============================================================================= > FreeBSD-SA-10:02.ntpd Security Advisory > The FreeBSD Project > > Topic: ntpd mode 7 denial of service > > Category: contrib > Module: ntpd > Announced: 2010-01-06 > Affects: All supported versions of FreeBSD. > Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE) > 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) > 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) > 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) > 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) > 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) > 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) > 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) > CVE Name: CVE-2009-3563 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) > used to synchronize the time of a computer system to a reference time > source. > > II. Problem Description > > If ntpd receives a mode 7 (MODE_PRIVATE) request or error response > from a source address not listed in either a 'restrict ... noquery' > or a 'restrict ... ignore' section it will log the even and send > a mode 7 error response. > > III. Impact > > If an attacker can spoof such a packet from a source IP of an affected > ntpd to the same or a different affected ntpd, the host(s) will endlessly > send error responses to each other and log each event, consuming network > bandwidth, CPU and possibly disk space. > > IV. Workaround > > Proper filtering of mode 7 NTP packets by a firewall can limit the > number of systems used to attack your resources. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, > or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or > RELENG_6_3 security branch dated after the correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to FreeBSD 6.3, 6.4, > 7.1, 7.2, and 8.0 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch > # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > # cd /usr/src/usr.sbin/ntp/ntpd > # make obj && make depend && make && make install > # /etc/rc.d/ntpd restart > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > CVS: > > Branch Revision > Path > ------------------------------------------------------------------------- > RELENG_6 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2 > RELENG_6_4 > src/UPDATING 1.416.2.40.2.13 > src/sys/conf/newvers.sh 1.69.2.18.2.15 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1 > RELENG_6_3 > src/UPDATING 1.416.2.37.2.20 > src/sys/conf/newvers.sh 1.69.2.15.2.19 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1 > RELENG_7 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2 > RELENG_7_2 > src/UPDATING 1.507.2.23.2.9 > src/sys/conf/newvers.sh 1.72.2.11.2.10 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1 > RELENG_7_1 > src/UPDATING 1.507.2.13.2.13 > src/sys/conf/newvers.sh 1.72.2.9.2.14 > src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1 > RELENG_8 > src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1 > RELENG_8_0 > src/UPDATING 1.632.2.7.2.5 > src/sys/conf/newvers.sh 1.83.2.6.2.5 > src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1 > ------------------------------------------------------------------------- > > Subversion: > > Branch/path Revision > ------------------------------------------------------------------------- > stable/6/ r201679 > releng/6.4/ r201679 > releng/6.3/ r201679 > stable/7/ r201679 > releng/7.2/ r201679 > releng/7.1/ r201679 > stable/8/ r201679 > releng/8.0/ r201679 > head/ r200576 > ------------------------------------------------------------------------- > > VII. References > > http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode > https://support.ntp.org/bugs/show_bug.cgi?id=1331 > http://www.kb.cert.org/vuls/id/568372 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-10:02.ntpd.asc > > ------------ End PGP Signed Message Verified 2010-01-07 03:50:19 ----------- > -- Thu Jan 7 03:50:18 2010 jhell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1001070350180.1722>