mirror of
https://git.yoctoproject.org/poky
synced 2026-04-20 00:32:13 +02:00
busybox: Security fix CVE-2016-6301
ntpd: NTP server denial of service flaw CVE: CVE-2016-6301 (From OE-Core rev: dafbf8a9e9ed068ecbf22cc816f9a6a3a2da7aa9) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 301dc9df16cce1f4649f90af47159bc21be0de59) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Andrej Valek
committed by
Richard Purdie
Richard Purdie
parent
254336d09b
commit
094b64ea8b
37
meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
Normal file
37
meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
Normal file
@@ -0,0 +1,37 @@
|
||||
busybox1.24.1: Fix CVE-2016-6301
|
||||
|
||||
[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
|
||||
|
||||
ntpd: NTP server denial of service flaw
|
||||
|
||||
The busybox NTP implementation doesn't check the NTP mode of packets
|
||||
received on the server port and responds to any packet with the right
|
||||
size. This includes responses from another NTP server. An attacker can
|
||||
send a packet with a spoofed source address in order to create an
|
||||
infinite loop of responses between two busybox NTP servers. Adding
|
||||
more packets to the loop increases the traffic between the servers
|
||||
until one of them has a fully loaded CPU and/or network.
|
||||
|
||||
Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
|
||||
CVE: CVE-2016-6301
|
||||
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
||||
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
|
||||
|
||||
diff --git a/networking/ntpd.c b/networking/ntpd.c
|
||||
index 9732c9b..0f6a55f 100644
|
||||
--- a/networking/ntpd.c
|
||||
+++ b/networking/ntpd.c
|
||||
@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/)
|
||||
goto bail;
|
||||
}
|
||||
|
||||
+ /* Respond only to client and symmetric active packets */
|
||||
+ if ((msg.m_status & MODE_MASK) != MODE_CLIENT
|
||||
+ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
|
||||
+ ) {
|
||||
+ goto bail;
|
||||
+ }
|
||||
+
|
||||
query_status = msg.m_status;
|
||||
query_xmttime = msg.m_xmttime;
|
||||
|
||||
@@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
|
||||
file://CVE-2016-2148.patch \
|
||||
file://CVE-2016-2147.patch \
|
||||
file://CVE-2016-2147_2.patch \
|
||||
file://CVE-2016-6301.patch \
|
||||
file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \
|
||||
file://makefile-fix-backport.patch \
|
||||
file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \
|
||||
|
||||
Reference in New Issue
Block a user