** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Will Dormann with CERT informed us about a vulnerability in ntp:
If autokey is enabled (the ntp.conf file contains the line
"crypto pw whatever") a remote attacker can send a carefully crafted
packet that can overflow a stack buffer and potentially allow for
malicious code to be executed with the privilege level of the ntpd
"The reporter has indicated that 4.2.4p7-RC5 currently contains the
fix, and that this version will be the same as the release version,
aside from the version number."
So we can do prestabling with RC5, maybe just call it 4.2.4_p7 with some SRC_URI hax until moving into gentoo-x86.
Please prepare and attach an ebuild. As usual, no commits to CVS, please.

Stack-based buffer overflow in the crypto_recv function in
ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74,
when OpenSSL and autokey are enabled, allows remote attackers to
execute arbitrary code via a crafted packet containing an extension

ntp-4.2.4_p7 is now in the tree

GLSA draft filed.
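
Added example, not part of the bug thread and not ntp project code: a check for the two conditions named above, an uncommented `crypto` directive in ntp.conf and an ntpd version older than the fixed releases in the CVE text. The function names, the sample config and the rule that only RC5 or later of a fixed patch level counts as fixed are assumptions; whether ntpd was built with OpenSSL is not checked.

```python
import re

# Fixed releases as given in the CVE text on this page:
# "before 4.2.4p7 and 4.2.5 before 4.2.5p74".
FIXED_STABLE = ((4, 2, 4), 7)
FIXED_DEV = ((4, 2, 5), 74)

# Accepts upstream ("4.2.4p7", "4.2.4p7-RC5") and Gentoo ("4.2.4_p7") forms.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_?p(\d+))?(?:[-_]RC(\d+))?$", re.I)


def autokey_enabled(conf_text):
    """Return True if ntp.conf text has an uncommented 'crypto' directive."""
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if fields and fields[0] == "crypto":
            return True
    return False


def version_is_fixed(version):
    """Return True if the version is at or past the fixed release."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised ntp version: {version!r}")
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    patch = int(m.group(4) or 0)
    rc = int(m.group(5)) if m.group(5) else None
    fixed_branch, fixed_patch = FIXED_DEV if branch == FIXED_DEV[0] else FIXED_STABLE
    if (branch, patch) != (fixed_branch, fixed_patch):
        return (branch, patch) > (fixed_branch, fixed_patch)
    # Same patch level as the fix: the page only vouches for RC5 of 4.2.4p7,
    # so earlier release candidates are treated as unfixed (assumption).
    return rc is None or rc >= 5


def exposed(conf_text, version):
    """True when autokey is on and the version predates the fix."""
    return autokey_enabled(conf_text) and not version_is_fixed(version)


# Constructed sample config, not taken from a real host.
SAMPLE_CONF = """\
server 0.example.org iburst
#crypto pw disabled-example
crypto pw whatever   # autokey on
"""

if __name__ == "__main__":
    for v in ("4.2.4p6", "4.2.4p7-RC5", "4.2.4_p7", "4.2.5p73"):
        print(v, "exposed" if exposed(SAMPLE_CONF, v) else "ok")
```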