~alpine/aports

v3.4: main/busybox: security fixes #6617 v1 PROPOSED

Sergei Lukin: 1
 main/busybox: security fixes #6617

 2 files changed, 55 insertions(+), 5 deletions(-)
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.alpinelinux.org/~alpine/aports/patches/27/mbox | git am -3
Learn more about email & git

[alpine-aports] [PATCH v3.4] main/busybox: security fixes #6617 Export this patch

CVE-2016-6301: NTP server denial of service flaw
---
 main/busybox/APKBUILD            | 18 ++++++++++++-----
 main/busybox/CVE-2016-6301.patch | 42 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 5 deletions(-)
 create mode 100644 main/busybox/CVE-2016-6301.patch

diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 50e97fa..5ee2341 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.24.2
pkgrel=12
pkgrel=13
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
arch="all"
@@ -62,9 +63,13 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2

	acpid.logrotate
	busyboxconfig
	glibc.patch"
	glibc.patch
	CVE-2016-6301.patch
	"

# secfixes:
#   1.24.2-r12:
#     - CVE-2016-6301
#   1.24.2-r0:
#     - CVE-2016-2147
#     - CVE-2016-2148
@@ -214,7 +219,8 @@ c682706fa98b63497ce0d1bc2ea3e688  0001-xargs-make-I-imply-r.patch
6234d8817d3c0ee9f4c01e83bf6a96c4  0016-whois-make-it-actually-work.patch
4046b78ee6a25259954797d73b94f4bd  acpid.logrotate
ab4a2e1385566b01002e526614dd38c2  busyboxconfig
befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch"
befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch
b23dd4bd38216d05d88287371d35513a  CVE-2016-6301.patch"
sha256sums="e71ef53ec656f31c42633918d301405d40dea1d97eca12f272217ae4a971c855  busybox-1.24.2.tar.bz2
52bd2c7c44779f910eedd2fea73ec0de520add400894cc132276587e25c73e39  bbsuid.c
9bbf0bec82e6d6907474958f3be048c54657fbf49207810b7e4d4d6146f0069d  nologin.c
@@ -253,7 +259,8 @@ bf1d97532af24f5a658dd41b94336c3b1fe67d842e83636c25693e65d1995790  0001-xargs-mak
1be53b0d1aa3c3f44bff31e092bc786259c7475de4b24dfaa71e70c50672f421  0016-whois-make-it-actually-work.patch
f7cbeb5a5a47395ad30454ce8262abcd3e91c33ef803c2ae31a9258d7142dd48  acpid.logrotate
a129ededc4c5ec3d0385e4da50a87e81f348ecc7541a2105dd98f0c8543a3a2f  busyboxconfig
c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch"
c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch
0bffce454b303b832a19946006eebcb217fa6e14a3c638170bd003dc66504e77  CVE-2016-6301.patch"
sha512sums="4d20fb68ee440be2855231c7fd5f3cb9dd9bfcc1a688f0b59cd3f7a55c8819e9cc44bd15f91500713571f2a84e5e44adc0fa8ae0ae3ebf63961dfc9e1c9ef8e0  busybox-1.24.2.tar.bz2
c1dd56509277c59751907a27f067f1622191ddfd498acfe390d83136d36a41f2bdfc2fd4daf35af77219a66fb00fea20483f34112afd5df2ccd9f36ab548e66f  bbsuid.c
4e7c291a70e879b74c0fc07c54a73ef50537d8be68fee6b2d409425c07afd2d67f9b6afcd8c33a7971014913cc5de85e45079681c9e77200c6cc2f34acfba6d2  nologin.c
@@ -292,4 +299,5 @@ afa0aa2fee08b28b6f4a32bd761d9fd7ab6989a13651ffa9dc8a3a3c4de3c646ce0881c2abd1be96
09cb1bf25c9442986e7d9816277e75591a2af8ba78117869c5cba35d2e189db351455137e9511cf61788864812056133fc9ec5e204f9eb18ae86c34dd8493ae8  0016-whois-make-it-actually-work.patch
dadb4c953ebc755b88ee95c1489feb0c2d352f6e44abc716166024e6eea11ab9d10c84fad62c081775834d205cb04aa1be3c994676c88f4284495c54b9188e8b  acpid.logrotate
580a6e15d6517641951bb1648c406cee2a82fab353552a60d37f29e5f58da664437d99d5bd313d88e260a92735c32886ffc1cad98f901bb27d1f5027fdce37d7  busyboxconfig
1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch"
1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc  glibc.patch
a3030e07a30951b2c4a292670f2ff87541c2a84322525422505f1e3f578021b87c004d0180e5f4219bd1befef2981283b331eb3471de0ae6e4bf44dba8fab502  CVE-2016-6301.patch"
diff --git a/main/busybox/CVE-2016-6301.patch b/main/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000..67d2fe5
--- /dev/null
+++ b/main/busybox/CVE-2016-6301.patch
@@ -0,0 +1,42 @@
https://git.busybox.net/busybox/patch/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71

From 150dc7a2b483b8338a3e185c478b4b23ee884e71 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 1 Aug 2016 20:24:24 +0200
Subject: ntpd: respond only to client and symmetric active packets

The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.

Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 networking/ntpd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/networking/ntpd.c b/networking/ntpd.c
index 130cef0..8ca62cf 100644
--- a/networking/ntpd.c
+++ b/networking/ntpd.c
@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int fd*/)
 		goto bail;
 	}
 
+	/* Respond only to client and symmetric active packets */
+	if ((msg.m_status & MODE_MASK) != MODE_CLIENT
+	 && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
+	) {
+		goto bail;
+	}
+
 	query_status = msg.m_status;
 	query_xmttime = msg.m_xmttime;
 
-- 
cgit v0.12

-- 
2.8.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---