1) CVE-2020-11868 / NTP Bug 3592
"The fix for https://bugs.ntp.org/3445 introduced a bug whereby a system that is running ntp-4.2.8p12 or p13 that only has one unauthenticated time source can be attacked in a way that causes the victim's next poll to its source to be delayed, for as long as the attack is maintained."
2) NTP Bug 3596
"A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. The attacker must be able to send and the victim must be able to receive and process a large number of packets with the spoofed IPv4 address of the upstream server. After 8 or more successful attacks in a row, the attacker can either modify the victim's clock by a limited amount or cause ntpd to exit. This attack is most effective in cases where an unusually short poll interval is expressly configured on the victim's ntpd."
@maintainer(s), please advise if ready for stabilisation or call yourself
acked by Polynomial-C, thanks!
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s):
Author: Lars Wendler <email@example.com>
AuthorDate: 2020-06-23 16:16:22 +0000
Commit: Lars Wendler <firstname.lastname@example.org>
CommitDate: 2020-06-23 16:16:33 +0000
net-misc/ntp: Removed old
Package-Manager: Portage-2.3.102, Repoman-2.3.23
Signed-off-by: Lars Wendler <email@example.com>
net-misc/ntp/Manifest | 2 -
net-misc/ntp/files/ntp-4.2.8-gc-tests.patch | 41 --------
net-misc/ntp/ntp-4.2.8_p13-r2.ebuild | 144 ----------------------------
net-misc/ntp/ntp-4.2.8_p13.ebuild | 144 ----------------------------
4 files changed, 331 deletions(-)
This issue was resolved and addressed in
GLSA 202007-12 at https://security.gentoo.org/glsa/202007-12
by GLSA coordinator Sam James (sam_c).