~alpine/aports


[alpine-aports] [PATCH v3.3] main/busybox: security fixes #6618

Details
Message ID: <1484751506-11242-1-git-send-email-sergej.lukin@gmail.com>
Sender timestamp: 1484751506
DKIM signature: missing
Patch: +55 -5
CVE-2016-6301: NTP server denial of service flaw
---
 main/busybox/APKBUILD            | 20 +++++++++++++++-----
 main/busybox/CVE-2016-6301.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 5 deletions(-)
 create mode 100644 main/busybox/CVE-2016-6301.patch

diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 0f3b54b..872cd75 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.24.2
pkgrel=0
pkgrel=1
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
arch="all"
@@ -46,7 +47,13 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2

	acpid.logrotate
	busyboxconfig
	glibc.patch"
	glibc.patch
	CVE-2016-6301.patch
	"

# secfixes:
#   1.24.2-r1:
#     - CVE-2016-6301

_sdir="$srcdir"/$pkgname-$pkgver
_staticdir="$srcdir"/build-static
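Review bot: in the `source=` list the closing quote now sits alone on a tab-indented line after `CVE-2016-6301.patch`, while the checksum arrays further down still close the quote on their last entry (`CVE-2016-6301.patch"`), so the file ends up with two quoting styles. Pick one; the standalone closing quote keeps later additions to a one-line diff. The `1.24.2-r1` key under `# secfixes:` agrees with `pkgver=1.24.2` and the `pkgrel=1` bump in the first hunk.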
@@ -181,7 +188,8 @@ f82d49c891c02516462db3cda29ccca7  3003-su-FEATURE_SU_NULLOK_SECURE.patch
a4d1cf64fd1835a284ccc6dbc78e3ce0  0001-ash-fix-error-during-recursive-processing-of-here-do.patch
4046b78ee6a25259954797d73b94f4bd  acpid.logrotate
5cddea6331e6aff69869568b679186ec  busyboxconfig
befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch"
befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch
b23dd4bd38216d05d88287371d35513a  CVE-2016-6301.patch"
sha256sums="e71ef53ec656f31c42633918d301405d40dea1d97eca12f272217ae4a971c855  busybox-1.24.2.tar.bz2
81957f1fe0c386120dad1c8174ccc1fcfeed98c14d229db7d164d4fb4c938b3d  bbsuid.c
9bbf0bec82e6d6907474958f3be048c54657fbf49207810b7e4d4d6146f0069d  nologin.c
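Review bot: the `md5sums` entry for `CVE-2016-6301.patch` adds nothing that the sha256 and sha512 entries in the following hunks do not already cover, and MD5 is not collision resistant, so the integrity of a security patch should not be read off this array. If the build tooling on this branch still requires `md5sums`, keep the line for consistency; otherwise consider dropping the array in a follow-up so only the SHA-2 sums have to be maintained.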
@@ -207,7 +215,8 @@ f712ce190ce86084d56977e125d1561615394f3d9b840e926537868260e19d79  0001-ash-backp
1d3f8f7b6d0972f8e56437fce8efbafe70e2d869fbe82f06eba11e0103fce224  0001-ash-fix-error-during-recursive-processing-of-here-do.patch
f7cbeb5a5a47395ad30454ce8262abcd3e91c33ef803c2ae31a9258d7142dd48  acpid.logrotate
ddc0c2e87e37a5e6cc878c5c5c14093c43b361a4d32eee813e0f0b01900efb9e  busyboxconfig
c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch"
c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch
0bffce454b303b832a19946006eebcb217fa6e14a3c638170bd003dc66504e77  CVE-2016-6301.patch"
sha512sums="4d20fb68ee440be2855231c7fd5f3cb9dd9bfcc1a688f0b59cd3f7a55c8819e9cc44bd15f91500713571f2a84e5e44adc0fa8ae0ae3ebf63961dfc9e1c9ef8e0  busybox-1.24.2.tar.bz2
16b3dd6a8b76b062d51458351fcb44f84b49eb4bf898584c933df90fb2cb3966f9547865a4d7447589bb20b7c203beb04ff7512f76f85d29138d2cff4eb9ee81  bbsuid.c
4e7c291a70e879b74c0fc07c54a73ef50537d8be68fee6b2d409425c07afd2d67f9b6afcd8c33a7971014913cc5de85e45079681c9e77200c6cc2f34acfba6d2  nologin.c
@@ -233,4 +242,5 @@ d55cab6ed08434e2a278edf1be6171b921bcaee47598988e4de6b390a01569e10394c54d5d4a27e6
c14a632f9477c13ea99b24a73c81c9c44ead8b536970acd758e739b43a6260860039674341192ce7bb20a9204ee7d93dcd9541e526f2437d4d2d88637b400867  0001-ash-fix-error-during-recursive-processing-of-here-do.patch
dadb4c953ebc755b88ee95c1489feb0c2d352f6e44abc716166024e6eea11ab9d10c84fad62c081775834d205cb04aa1be3c994676c88f4284495c54b9188e8b  acpid.logrotate
249f9c4769b7e20149109810bed8ed48c87e7e67817f27fbb620857bb3db1857f2d1616c4badba5c9eb2b6a1a14a15e89327b8c5f3c2d3ea15d09e252bab2a20  busyboxconfig
1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch"
1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch
a3030e07a30951b2c4a292670f2ff87541c2a84322525422505f1e3f578021b87c004d0180e5f4219bd1befef2981283b331eb3471de0ae6e4bf44dba8fab502  CVE-2016-6301.patch"
diff --git a/main/busybox/CVE-2016-6301.patch b/main/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000..fc736cf
--- /dev/null
+++ b/main/busybox/CVE-2016-6301.patch
@@ -0,0 +1,40 @@
From 150dc7a2b483b8338a3e185c478b4b23ee884e71 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 1 Aug 2016 20:24:24 +0200
Subject: ntpd: respond only to client and symmetric active packets

The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.

Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 networking/ntpd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/networking/ntpd.c b/networking/ntpd.c
index 130cef0..8ca62cf 100644
--- a/networking/ntpd.c
+++ b/networking/ntpd.c
@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int fd*/)
 		goto bail;
 	}
 
+	/* Respond only to client and symmetric active packets */
+	if ((msg.m_status & MODE_MASK) != MODE_CLIENT
+	 && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
+	) {
+		goto bail;
+	}
+
 	query_status = msg.m_status;
 	query_xmttime = msg.m_xmttime;
 
-- 
cgit v0.12
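Review bot: in `recv_and_process_client_pkt` the new mode filter leaves through `goto bail` with no log line or counter in the added lines, so nothing in the daemon's output shows that packets in other modes, such as the server responses the commit message describes, are arriving on the server port. A message at a high verbosity level just before `goto bail` would make a loop attempt visible to an operator. Minor style point: `msg.m_status & MODE_MASK` is evaluated twice in the condition; a local holding the masked mode would read more clearly. The placement itself looks right, since the check runs before `query_status = msg.m_status` and `query_xmttime = msg.m_xmttime` are copied out of `msg`.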

-- 
2.6.6


