updates are triggered. This is following the struct if_data ABI change a few
days ago; if_msghdr has an embedded if_data. Some may be unnecessary, but
some are definitely needed and bumps are cheaper than debugging.
Problem reported with wpa_supplicant by Mikolaj Kucharski.
(uncommon) conditions; if:
- remote configuration of ntpd is enabled (it's disabled by default),
- and an attacker knows the remote configuration password,
- and has access to a computer that is allowed to send remote configuration
requests to ntpd,
the attacker can send a carefully-crafted packet to ntpd that will cause ntpd
to crash.
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
CVE-2015-1798 "When ntpd is configured to use a symmetric key to authenticate a
remote NTP server/peer, it checks if the NTP message authentication code (MAC)
in received packets is valid, but not if there actually is any MAC included."
CVE-2015-1799 "An attacker knowing that NTP hosts A and B are peering with each
other (symmetric association) can send a packet to host A with source address
of B which will set the NTP state variables on A to the values sent by the
attacker. Host A will then send on its next poll to B a packet with originate
timestamp that doesn't match the transmit timestamp of B and the packet will be
dropped. If the attacker does this periodically for both hosts, they won't be
able to synchronize to each other."
- Weak default key in config_auth() - CVE-2014-9293
- non-cryptographic random number generator with weak seed used by
ntp-keygen to generate symmetric keys - CVE-2014-9294
- Buffer overflow in crypto_recv() - CVE-2014-9295
- Buffer overflow in ctl_putdata() - CVE-2014-9295
- Buffer overflow in configure() - CVE-2014-9295
- receive(): missing return on error - CVE-2014-9296
ok naddy@
the base system's openntpd.
Update removes a reflected unauthenticated DoS attack vector that has
been hit a lot in the wild recently, see http://www.openntpproject.org/
UDP traffic amplification 19x.
This is a devel version from upstream, they have decided not to fix it in
the stable branch. Users running older versions should add "disable monitor"
to their config and restart, then verify that "monlist" in ntpdc does not
return a list.
ok aja@, missing build dep spotted by naddy
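
The "disable monitor" mitigation from the commit message above can be audited in a config file before the ntpdc check. This is an added example, not part of the commit log or the port. The function names and the sample config are hypothetical, and a file containing both "enable monitor" and "disable monitor" is reported for manual review rather than resolved.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the "disable monitor" mitigation.
# Assumption (implied by the commit message): monitoring is on unless
# the config disables it.

# monitor_state FILE -> prints one of: disabled | enabled | conflict
#   disabled : a "disable ... monitor ..." directive is present
#   conflict : both "enable monitor" and "disable monitor" appear;
#              review by hand instead of guessing which one applies
#   enabled  : no disable directive names "monitor"
monitor_state() {
    awk '
        {
            sub(/#.*/, "")                 # drop comments, re-split fields
            if ($1 != "enable" && $1 != "disable") next
            for (i = 2; i <= NF; i++)      # directives may list several flags
                if ($i == "monitor") seen[$1] = 1
        }
        END {
            if (seen["disable"] && seen["enable"]) print "conflict"
            else if (seen["disable"])              print "disabled"
            else                                   print "enabled"
        }
    ' "$1"
}

# audit_conf FILE -> exit status 0 only when the mitigation is unambiguous
audit_conf() {
    [ "$(monitor_state "$1")" = "disabled" ]
}

# Constructed sample config (not taken from the page)
sample=$(mktemp)
cat > "$sample" <<'EOF'
server ntp.example.org
disable auth monitor   # mitigation from the commit message
EOF
echo "monitor facility: $(monitor_state "$sample")"
rm -f "$sample"

# After restarting ntpd, confirm the running daemon as the commit message
# says: "monlist" in ntpdc must not return a list, e.g.
#   ntpdc -n -c monlist 127.0.0.1
```
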
Fix a DoS attack from certain NTP mode 7 packets. If an attacker
spoofed a source address, ntpd hosts could be made to endlessly
send responses to each other or to themselves. CVE-2009-3563.