~alpine/aports


[alpine-aports] [PATCH v3.2] main/busybox: security fixes #6619

Message ID: <1484835952-11109-1-git-send-email-sergej.lukin@gmail.com>
Sender timestamp: 1484835952
DKIM signature: missing
Patch: +55 -5
CVE-2016-6301: NTP server denial of service flaw
---
 main/busybox/APKBUILD            | 20 +++++++++++++++-----
 main/busybox/CVE-2016-6301.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 5 deletions(-)
 create mode 100644 main/busybox/CVE-2016-6301.patch

diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index cd86eeb..dee1240 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.23.2
pkgrel=0
pkgrel=1
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
arch="all"
@@ -34,7 +35,13 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
	1002-fbsplash-support-image-and-bar-alignment-and-positio.patch

	busyboxconfig
	glibc.patch"
	glibc.patch
	CVE-2016-6301.patch
	"

# secfixes:
#   1.24.2-r1:
#     - CVE-2016-6301

_sdir="$srcdir"/$pkgname-$pkgver
_staticdir="$srcdir"/build-static
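Review bot: the secfixes key added here reads 1.24.2-r1, but this APKBUILD sets pkgver=1.23.2 and the first hunk bumps pkgrel to 1, so the release that actually carries the fix is 1.23.2-r1. As written, anything that reads the secfixes comment will attribute CVE-2016-6301 to a version this branch does not build. Suggest changing the key to `#   1.23.2-r1:`. Minor style point in the same hunk: source= now closes its quote on a line of its own, while the md5sums, sha256sums and sha512sums blocks below keep the closing quote on the CVE-2016-6301.patch line; one convention for all four would read better.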
@@ -129,7 +136,8 @@ e1c183cbe1ca18a0fa0d9597314076c9  0001-ifupdown-use-x-hostname-NAME-with-udhcpc.
b56d306ccba574da78dff060b7330806  1001-fbsplash-support-console-switching.patch
4fe5f9e973674c7db3d07f295c363a7c  1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
3cff842a3618c84465d7ef5425c8749b  busyboxconfig
befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch"
befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch
b23dd4bd38216d05d88287371d35513a  CVE-2016-6301.patch"
sha256sums="05a6f9e21aad8c098e388ae77de7b2361941afa7157ef74216703395b14e319a  busybox-1.23.2.tar.bz2
81957f1fe0c386120dad1c8174ccc1fcfeed98c14d229db7d164d4fb4c938b3d  bbsuid.c
9bbf0bec82e6d6907474958f3be048c54657fbf49207810b7e4d4d6146f0069d  nologin.c
@@ -146,7 +154,8 @@ ac2cd5fed91bfaec22ed1f2766396d0feb29b9b96f20b2c12d5d8ac8769afae9  0001-linedit-d
b8b0b16ed67b0159256193b1d2108b8ef9aa8a334ab81e463bb970c71257da9a  1001-fbsplash-support-console-switching.patch
e1f3fad8e21dfd72cfcae7ab3ba31d7938e964e0f9ec08b2da0b14d462435424  1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
342bb69c144a1e63d7a7fe4c24578ce5b483c09751ac16bb36d1b88929068141  busyboxconfig
c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch"
c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch
0bffce454b303b832a19946006eebcb217fa6e14a3c638170bd003dc66504e77  CVE-2016-6301.patch"
sha512sums="209c8ef26e40ccb81510f6b663202b080f9bbecac7faf386bbabf7e36a43d63b15dd6ce9f7a84c1ccc5345c524999812251da1e113ef9faadc6af1fedd24c7c9  busybox-1.23.2.tar.bz2
16b3dd6a8b76b062d51458351fcb44f84b49eb4bf898584c933df90fb2cb3966f9547865a4d7447589bb20b7c203beb04ff7512f76f85d29138d2cff4eb9ee81  bbsuid.c
4e7c291a70e879b74c0fc07c54a73ef50537d8be68fee6b2d409425c07afd2d67f9b6afcd8c33a7971014913cc5de85e45079681c9e77200c6cc2f34acfba6d2  nologin.c
@@ -163,4 +172,5 @@ a35b66cd28b79ccc14b47315ac94677fdf8c14d8a6e8956707e71fb50d453dfc5b4b822832cd1fae
a181dd54e8e11cf1199edb1b1fcd4b7402bbf142593b6014f32c6815bb7093b56899ad0fcc9f73c382f56203ac5274fb3d51fa070feb541436f23c31680f1a69  1001-fbsplash-support-console-switching.patch
c33073416f7da2805a20f3f456f869217171c8fbfdef85f4ae481307aeb1e1b5717084bbbc619010fa5500c3f3f49b6468d5c122024fcc49d637c82427a3f553  1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
2efb13f23c48a4dc3e2eb6343256694719c3425fe8ddd36ce9fb1837e45fafa3326c2630a08d731abc6bbc104536218d095b2d997861c5b35a7f7907177d2e66  busyboxconfig
1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch"
1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch
a3030e07a30951b2c4a292670f2ff87541c2a84322525422505f1e3f578021b87c004d0180e5f4219bd1befef2981283b331eb3471de0ae6e4bf44dba8fab502  CVE-2016-6301.patch"
diff --git a/main/busybox/CVE-2016-6301.patch b/main/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000..fc736cf
--- /dev/null
+++ b/main/busybox/CVE-2016-6301.patch
@@ -0,0 +1,40 @@
From 150dc7a2b483b8338a3e185c478b4b23ee884e71 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 1 Aug 2016 20:24:24 +0200
Subject: ntpd: respond only to client and symmetric active packets

The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.

Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 networking/ntpd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/networking/ntpd.c b/networking/ntpd.c
index 130cef0..8ca62cf 100644
--- a/networking/ntpd.c
+++ b/networking/ntpd.c
@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int fd*/)
 		goto bail;
 	}
 
+	/* Respond only to client and symmetric active packets */
+	if ((msg.m_status & MODE_MASK) != MODE_CLIENT
+	 && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
+	) {
+		goto bail;
+	}
+
 	query_status = msg.m_status;
 	query_xmttime = msg.m_xmttime;
 
-- 
cgit v0.12

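Review bot: the embedded upstream commit (150dc7a2) places its hunk at networking/ntpd.c line 2051 against blob 130cef0, and nothing in this submission shows that those offsets match the busybox-1.23.2 tarball the APKBUILD builds. Please confirm that the patch applies to 1.23.2 without fuzz and that MODE_MASK, MODE_CLIENT and MODE_SYM_ACT are defined in that version's ntpd.c; if the context had to be adjusted for the backport, say so in the patch header. The placement of the check looks right: it follows the preceding `goto bail` block and runs before msg.m_status is copied into query_status, so packets in any other mode are dropped before a reply is built.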
-- 
2.4.11


