Attachment 475458 Details for Bug 621128 – busybox-CVE-2016-6301.patch

[patch] busybox-CVE-2016-6301.patch

busybox-CVE-2016-6301.patch (text/plain), 1.30 KB, created by Andrey Ovcharov on 2017-06-07 13:33:32 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrey Ovcharov

Created: 2017-06-07 13:33:32 UTC

Size: 1.30 KB

patch

obsolete

>busybox1.24.1: Fix CVE-2016-6301
>
>[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
>
>ntpd: NTP server denial of service flaw
>
>The busybox NTP implementation doesn't check the NTP mode of packets
>received on the server port and responds to any packet with the right
>size. This includes responses from another NTP server. An attacker can
>send a packet with a spoofed source address in order to create an
>infinite loop of responses between two busybox NTP servers. Adding
>more packets to the loop increases the traffic between the servers
>until one of them has a fully loaded CPU and/or network.
>
>Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
>CVE: CVE-2016-6301
>Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
>Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
>
>diff --git a/networking/ntpd.c b/networking/ntpd.c
>index 9732c9b..0f6a55f 100644
>--- a/networking/ntpd.c
>+++ b/networking/ntpd.c
>@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/)
> 		goto bail;
> 	}
> 
>+	/* Respond only to client and symmetric active packets */
>+	if ((msg.m_status & MODE_MASK) != MODE_CLIENT
>+	 && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
>+	) {
>+		goto bail;
>+	}
>+
> 	query_status = msg.m_status;
> 	query_xmttime = msg.m_xmttime;
>

Actions: View | Diff

Attachments on bug 621128: 475458