svn commit: r527761 - head/security/vuxml
Cy Schubert
cy at FreeBSD.org
Wed Mar 4 15:23:16 UTC 2020
Author: cy
Date: Wed Mar 4 15:23:15 2020
New Revision: 527761
URL: https://svnweb.freebsd.org/changeset/ports/527761
Log:
Document the latest nwtime.org ntp security advisory found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Mar 4 15:22:43 2020 (r527760)
+++ head/security/vuxml/vuln.xml Wed Mar 4 15:23:15 2020 (r527761)
@@ -58,6 +58,62 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="591a706b-5cdc-11ea-9a0a-206a8a720317">
+ <topic>ntp -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.3</ge><lt>11.3_7</lt></range>
+ <range><ge>12.0</ge><lt>12.0_14</lt></range>
+ <range><ge>12.1</ge><lt>12.1_3</lt></range>
+ </package>
+ <package>
+ <name>ntp</name>
+ <range><lt>4.2.8p14</lt></range>
+ </package>
+ <package>
+ <name>ntp-devel</name>
+ <range><le>4.3.99_6</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>nwtine.org reports:</p>
+ <blockquote cite="https://support.ntp.org/bin/view/Main/SecurityNotice">
+ <p>Three ntp vulnerabilities, Depending on configuration, may have
+ little impact up to termination of the ntpd process.</p>
+ <p>NTP Bug 3610: Process_control() should exit earlier on short
+ packets. On systems that override the default and enable ntpdc
+ (mode 7) fuzz testing detected that a short packet will cause
+ ntpd to read uninitialized data.</p>
+ <p>NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable
+ to attack on IPv4 with highly predictable transmit timestamps. An
+ off-path attacker who can query time from the victim's ntp which
+ receives time from an unauthenticated time source must be able to
+ send from a spoofed IPv4 address of upstream ntp server and and
+ the victim must be able to process a large number of packets with
+ the spoofed IPv4 address of the upstream server. After eight or
+ more successful attacks in a row the attacker can either modify
+ the victim's clock by a small amount or cause ntpd to terminate.
+ The attack is especially effective when unusually short poll
+ intervals have been configured.</p>
+ <p>NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced
+ a bug such that a ntp can be prevented from initiating a time
+ volley to its peer resulting in a DoS.</p>
+ <p>All three NTP bugs may result in DoS or terimation of the ntp
+ daemon.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>INSERT BLOCKQUOTE URL HERE</url>
+ </references>
+ <dates>
+ <discovery>2019-05-30</discovery>
+ <entry>2020-03-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b66583ae-5aee-4cd5-bb31-b2d397f8b6b3">
<topic>librsvg2 -- multiple vulnabilities</topic>
<affects>
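Review bot: the `<references>` block of the new ntp entry still holds the template placeholder `<url>INSERT BLOCKQUOTE URL HERE</url>`. Replace it with the advisory URL already given in the blockquote `cite` attribute, and consider adding the three NtpBug URLs from the commit log as further `<url>` entries so the entry points at the individual bug reports. In the same entry, the attribution paragraph reads "nwtine.org" where the commit log says nwtime.org, the Bug 3596 paragraph has a doubled "and and", and the closing paragraph has "terimation". Fix the attribution, and check the quoted paragraphs against the upstream wording before correcting them. The `<entry>` date is 2020-03-03 while the commit is dated 4 March 2020, so confirm which date is intended.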