[NetBSD] Denial of Service Schwachstelle in NetBSD – NetBSD-SA2010-005

[NetBSD] Denial of Service Schwachstelle in NetBSD - NetBSD-SA2010-005

Von

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung des NetBSD Security
Officers.Wir geben diese Informationen unveraendert an Sie weiter.

NTP Mode 7 (MODE_PRIVATE) Pakete werden vom ntpdc Programm verwendet
(ntpq benutzt Mode 6 (MODE_CONTROL)).

CVE-2009-3563 – Fehlerhafte Reaktion auf Mode 7 Pakete durch ntpd

Der NTP Daemon (ntpd) beantwortet ein fehlerhaftes Mode 7 Paket
seinerseits mit einer Mode 7 Fehlermeldung an den Absender. Durch
Spoofen der IP-Adresse kann ein Angreifer ueber das Netz zwei NTP
Daemons dazu bringen, sich staendig neue Mode 7 Pakete zuzusenden. Dies
fuehrt zum Verbrauch von Netzwerkbandbreite und CPU-Zeit durch Logging
von Meldungen auf den betroffenen Systemen und kann zu einem Denial of
Service Angriff missbraucht werden.

Betroffen sind die folgenden Software Pakete und Plattformen:

Paket ntp vor Version ntp-4.2.4p8

NetBSD-current vor 2009-12-08
NetBSD-5-0 vor 2009-12-08
NetBSD-5 vor 2009-12-08
NetBSD-4-0 vor 2009-12-08
NetBSD-4 vor 2009-12-08

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Torsten Voss

– —

Dipl.-Ing.(FH) Torsten Voss (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen https://www.cert.dfn.de/autowarn

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

NetBSD Security Advisory 2010-005
=================================

Topic: NTP server Denial of Service vulnerability

Version: NetBSD-current: affected prior to 2009-12-08
NetBSD 5.0.2: not affected
NetBSD 5.0.1: affected
NetBSD 5.0: affected
NetBSD 4.0.*: affected
NetBSD 4.0: affected
pkgsrc: ntp package prior to 4.2.4p8

Severity: Remote Denial of Service

Fixed: NetBSD-current: Dec 8, 2009
NetBSD-5-0 branch: Dec 8, 2009
NetBSD-5 branch: Dec 8, 2009
NetBSD-4-0 branch: Dec 8, 2009
NetBSD-4 branch: Dec 8, 2009
pkgsrc 2009Q4: ntp-4.2.4p8 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A programming error in the handling of NTP MODE_PRIVATE packets
allows a remote attacker to cause a denial of service.

This vulnerability has been assigned CVE-2009-3563 and CERT
Vulnerability Note VU#568372.

Technical Details
=================

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows
remote attackers to cause a denial of service (CPU and bandwidth
consumption) by using MODE_PRIVATE to send a spoofed (1) request or
(2) response packet that triggers a continuous exchange of
MODE_PRIVATE error responses between two NTP daemons.

Solutions and Workarounds
=========================

As a workaround, disable the NTP service in your system by running the
following commands:

# /etc/rc.d/ntpd stop
# echo ntpd=NO > /etc/rc.conf.d/ntpd

The following instructions describe how to upgrade your ntpd
binaries by updating your source tree and rebuilding and
installing a new version of ntpd:

* NetBSD-current:

Systems running NetBSD-current dated from before 2009-12-08
should be upgraded to NetBSD-current dated 2009-12-09 or later.

The following files/directories need to be updated from the
netbsd-current CVS branch (aka HEAD):
dist/ntp/ntpd/ntp_request.c

To update from CVS, re-build, and re-install ntpd:
# cd src
# cvs update -d -P dist/ntp/ntpd/ntp_request.c
# cd usr.sbin/ntp/ntpd
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install

* NetBSD 5.*:

Systems running NetBSD 5.* sources dated from before
2009-12-08 should be upgraded from NetBSD 5.* sources dated
2009-12-09 or later.

The following files/directories need to be updated from the
netbsd-5 or netbsd-5-0 branches:
dist/ntp/ntpd/ntp_request.c

To update from CVS, re-build, and re-install ntpd:

# cd src
# cvs update -r -d -P dist/ntp/ntpd/ntp_request.c
# cd usr.sbin/ntp/ntpd
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install

* NetBSD 4.*:

Systems running NetBSD 4.* sources dated from before
2009-12-08 should be upgraded from NetBSD 4.* sources dated
2009-12-09 or later.

The following files/directories need to be updated from the
netbsd-4 or netbsd-4-0 branches:
dist/ntp/ntpd/ntp_request.c

To update from CVS, re-build, and re-install ntpd:

# cd src
# cvs update -r -d -P dist/ntp/ntpd/ntp_request.c
# cd usr.sbin/ntp/ntpd
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install

Thanks To
=========

Dmitri Vinokurov and Robin Park for discovering and reporting the vulnerability,
and Frank Kardel for fixing it in NetBSD.

Revision History
================

2010-04-27 Initial release

More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .

Copyright 2010, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2010-005.txt,v 1.1 2010/04/25 23:25:30 tonnerre Exp $

– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.10 (NetBSD)

iQIcBAEBAgAGBQJL1flpAAoJEAZJc6xMSnBuHFAP/A+uCEy1p6SUPzA47tn4j1XC
UKctSH0F3KCtIp28HLJdqr5jfFiFlKfN4bQYPVK8cmALW/RHFvf4H+b2WR7Xnrvz
quLpbodMgEA16VRSSZKAR4WPl49znnoJOf3SeWmOcx+tj89/t83VTLJX/mGwxdLo
fOHqmmQe0th7oAqtegpW0RfO3B5/5Zq4zOoZbp3M3NJHDEYD1YY6u9TufLIbQ4k0
l7tRoEevG2sputJKGzlLkR6NGS2r3ZGjnNrmLMBvndI6NieIW/k7NKNJtJz+sPtP
6h8jFdCJjB7Vwf3Dcart1M3Vu3CWJXdlOycYAli8BSSzhFyE6abu5VyiKTSPJbgI
OOaJqLTYR7ZQY0cMYAaUd89MLVX7SF4bzKbYdpflrt2M1SmMY7SnO0vM97X7MplE
Mu+zCqzNnWwHMB1I4SK0jsSu1KH13ZNcZLo+2xcvuWxFQt+zU3uEtuitAYfm9wRY
BZdcihWBbmdaZJyE8wZFtujqqcaEX6cGtEty09SHgRL5VH3XvcuJf/5Ls+jVO1a4
61rd5byxJIM1a32dgamg48qpkE63LRy5GHavn67r391bAoWmUrfHt+9p7z/8IpfZ
KKdnw+R3a1t0BGH/yPcqVVD8oXY/xn80q0rqqqQxgI6ospqPHc3/jDUwnLRRI4Ae
OFFiV8sDaPu1BSURxu1a
=k9Vv
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFL1syEWmhIvjFb90URAs4iAJ9JykDRHBVSiSBQvzMZm4jTddglBACeOwZ3
t2RgyPWTjBzdMQUvmlj9fGY=
=rolf
—–END PGP SIGNATURE—–

© COMPUTEC MEDIA GmbH
Nach oben