
[alpine-aports] [PATCH v3.2] main/busybox: security fixes #6619

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Thu, 19 Jan 2017 14:25:52 +0000

CVE-2016-6301: NTP server denial of service flaw
---
 main/busybox/APKBUILD            | 20 +++++++++++++++-----
 main/busybox/CVE-2016-6301.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 5 deletions(-)
 create mode 100644 main/busybox/CVE-2016-6301.patch
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index cd86eeb..dee1240 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
_at_@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Ɓukasz Jendrysik <scadu_at_yandex.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=busybox
 pkgver=1.23.2
-pkgrel=0
+pkgrel=1
 pkgdesc="Size optimized toolbox of many common UNIX utilities"
 url=http://busybox.net
 arch="all"
_at_@ -34,7 +35,13 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
 	1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
 
 	busyboxconfig
-	glibc.patch"
+	glibc.patch
+	CVE-2016-6301.patch
+	"
+
+# secfixes:
+#   1.24.2-r1:
+#     - CVE-2016-6301
 
 _sdir="$srcdir"/$pkgname-$pkgver
 _staticdir="$srcdir"/build-static
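Review bot: The secfixes entry added in this hunk names `1.24.2-r1`, but the same APKBUILD sets `pkgver=1.23.2` and this patch bumps `pkgrel` to 1, so the release that actually carries the fix is 1.23.2-r1. The line should read `#   1.23.2-r1:`. Tooling that reads the secfixes comment to decide whether an installed package is fixed would presumably compare against 1.24.2-r1 and keep reporting this branch's patched package as affected by CVE-2016-6301.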
_at_@ -129,7 +136,8 @@ e1c183cbe1ca18a0fa0d9597314076c9  0001-ifupdown-use-x-hostname-NAME-with-udhcpc.
 b56d306ccba574da78dff060b7330806  1001-fbsplash-support-console-switching.patch
 4fe5f9e973674c7db3d07f295c363a7c  1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
 3cff842a3618c84465d7ef5425c8749b  busyboxconfig
-befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch"
+befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch
+b23dd4bd38216d05d88287371d35513a  CVE-2016-6301.patch"
 sha256sums="05a6f9e21aad8c098e388ae77de7b2361941afa7157ef74216703395b14e319a  busybox-1.23.2.tar.bz2
 81957f1fe0c386120dad1c8174ccc1fcfeed98c14d229db7d164d4fb4c938b3d  bbsuid.c
 9bbf0bec82e6d6907474958f3be048c54657fbf49207810b7e4d4d6146f0069d  nologin.c
_at_@ -146,7 +154,8 @@ ac2cd5fed91bfaec22ed1f2766396d0feb29b9b96f20b2c12d5d8ac8769afae9  0001-linedit-d
 b8b0b16ed67b0159256193b1d2108b8ef9aa8a334ab81e463bb970c71257da9a  1001-fbsplash-support-console-switching.patch
 e1f3fad8e21dfd72cfcae7ab3ba31d7938e964e0f9ec08b2da0b14d462435424  1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
 342bb69c144a1e63d7a7fe4c24578ce5b483c09751ac16bb36d1b88929068141  busyboxconfig
-c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch"
+c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch
+0bffce454b303b832a19946006eebcb217fa6e14a3c638170bd003dc66504e77  CVE-2016-6301.patch"
 sha512sums="209c8ef26e40ccb81510f6b663202b080f9bbecac7faf386bbabf7e36a43d63b15dd6ce9f7a84c1ccc5345c524999812251da1e113ef9faadc6af1fedd24c7c9  busybox-1.23.2.tar.bz2
 16b3dd6a8b76b062d51458351fcb44f84b49eb4bf898584c933df90fb2cb3966f9547865a4d7447589bb20b7c203beb04ff7512f76f85d29138d2cff4eb9ee81  bbsuid.c
 4e7c291a70e879b74c0fc07c54a73ef50537d8be68fee6b2d409425c07afd2d67f9b6afcd8c33a7971014913cc5de85e45079681c9e77200c6cc2f34acfba6d2  nologin.c
_at_@ -163,4 +172,5 @@ a35b66cd28b79ccc14b47315ac94677fdf8c14d8a6e8956707e71fb50d453dfc5b4b822832cd1fae
 a181dd54e8e11cf1199edb1b1fcd4b7402bbf142593b6014f32c6815bb7093b56899ad0fcc9f73c382f56203ac5274fb3d51fa070feb541436f23c31680f1a69  1001-fbsplash-support-console-switching.patch
 c33073416f7da2805a20f3f456f869217171c8fbfdef85f4ae481307aeb1e1b5717084bbbc619010fa5500c3f3f49b6468d5c122024fcc49d637c82427a3f553  1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
 2efb13f23c48a4dc3e2eb6343256694719c3425fe8ddd36ce9fb1837e45fafa3326c2630a08d731abc6bbc104536218d095b2d997861c5b35a7f7907177d2e66  busyboxconfig
-1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch"
+1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch
+a3030e07a30951b2c4a292670f2ff87541c2a84322525422505f1e3f578021b87c004d0180e5f4219bd1befef2981283b331eb3471de0ae6e4bf44dba8fab502  CVE-2016-6301.patch"
diff --git a/main/busybox/CVE-2016-6301.patch b/main/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000..fc736cf
--- /dev/null
+++ b/main/busybox/CVE-2016-6301.patch
_at_@ -0,0 +1,40 @@
+From 150dc7a2b483b8338a3e185c478b4b23ee884e71 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar_at_redhat.com>
+Date: Mon, 1 Aug 2016 20:24:24 +0200
+Subject: ntpd: respond only to client and symmetric active packets
+
+The busybox NTP implementation doesn't check the NTP mode of packets
+received on the server port and responds to any packet with the right
+size. This includes responses from another NTP server. An attacker can
+send a packet with a spoofed source address in order to create an
+infinite loop of responses between two busybox NTP servers. Adding
+more packets to the loop increases the traffic between the servers
+until one of them has a fully loaded CPU and/or network.
+
+Signed-off-by: Miroslav Lichvar <mlichvar_at_redhat.com>
+Signed-off-by: Denys Vlasenko <vda.linux_at_googlemail.com>
+---
+ networking/ntpd.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/networking/ntpd.c b/networking/ntpd.c
+index 130cef0..8ca62cf 100644
+--- a/networking/ntpd.c
++++ b/networking/ntpd.c
+_at_@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int fd*/)
+ 		goto bail;
+ 	}
+ 
++	/* Respond only to client and symmetric active packets */
++	if ((msg.m_status & MODE_MASK) != MODE_CLIENT
++	 && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
++	) {
++		goto bail;
++	}
++
+ 	query_status = msg.m_status;
+ 	query_xmttime = msg.m_xmttime;
+ 
+-- 
+cgit v0.12
+
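Review bot: The comment added above the mode check in recv_and_process_client_pkt() says what the check does but not why, and the reason is recorded only in the patch description. Something like `/* Respond only to client and symmetric active packets: replying to other modes lets a spoofed source address start a reply loop between two servers (CVE-2016-6301) */` would keep the rationale next to the code. The mode is also extracted twice with `msg.m_status & MODE_MASK`; holding it in a local would make the condition easier to read. Rejected packets jump to `bail` with no visible trace, so if the file has a verbose-logging path it may be worth recording the drop there for operators; the function continues outside the hunk, so whether `bail` already does this cannot be seen here.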
-- 
2.4.11