diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2017-04-06 09:07:37 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-08 22:48:03 +0100 |
commit | 301dc9df16cce1f4649f90af47159bc21be0de59 (patch) | |
tree | 7c60a32d36f04df7da42f8e3c9afd6eff39f2838 /meta/recipes-core | |
parent | dad9f27278850d0d3818344fea877835632576cb (diff) | |
download | openembedded-core-301dc9df16cce1f4649f90af47159bc21be0de59.tar.gz openembedded-core-301dc9df16cce1f4649f90af47159bc21be0de59.tar.bz2 openembedded-core-301dc9df16cce1f4649f90af47159bc21be0de59.zip |
busybox: Security fix CVE-2016-6301
ntpd: NTP server denial of service flaw
CVE: CVE-2016-6301
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2016-6301.patch | 37 | ||||
-rw-r--r-- | meta/recipes-core/busybox/busybox_1.24.1.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch new file mode 100644 index 0000000000..851bc20f79 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch @@ -0,0 +1,37 @@ +busybox1.24.1: Fix CVE-2016-6301 + +[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710 + +ntpd: NTP server denial of service flaw + +The busybox NTP implementation doesn't check the NTP mode of packets +received on the server port and responds to any packet with the right +size. This includes responses from another NTP server. An attacker can +send a packet with a spoofed source address in order to create an +infinite loop of responses between two busybox NTP servers. Adding +more packets to the loop increases the traffic between the servers +until one of them has a fully loaded CPU and/or network. + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71] +CVE: CVE-2016-6301 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> +Signed-off-by: Pascal Bach <pascal.bach@siemens.com> + +diff --git a/networking/ntpd.c b/networking/ntpd.c +index 9732c9b..0f6a55f 100644 +--- a/networking/ntpd.c ++++ b/networking/ntpd.c +@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/) + goto bail; + } + ++ /* Respond only to client and symmetric active packets */ ++ if ((msg.m_status & MODE_MASK) != MODE_CLIENT ++ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT ++ ) { ++ goto bail; ++ } ++ + query_status = msg.m_status; + query_xmttime = msg.m_xmttime; + diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb index 41fc64175e..6013ec9e5d 100644 --- a/meta/recipes-core/busybox/busybox_1.24.1.bb +++ b/meta/recipes-core/busybox/busybox_1.24.1.bb @@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://CVE-2016-2148.patch \ file://CVE-2016-2147.patch \ file://CVE-2016-2147_2.patch \ + file://CVE-2016-6301.patch \ file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \ file://makefile-fix-backport.patch \ file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \ |