Message-ID: <20091208222902.GE26756@severus.strandboge.com>
Date: Tue, 8 Dec 2009 16:29:02 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-867-1] Ntp vulnerability

===========================================================
Ubuntu Security Notice USN-867-1          December 08, 2009
ntp vulnerability
CVE-2009-3563
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ntp                             1:4.2.0a+stable-8.1ubuntu6.3
  ntp-server                      1:4.2.0a+stable-8.1ubuntu6.3

Ubuntu 8.04 LTS:
  ntp                             1:4.2.4p4+dfsg-3ubuntu2.3

Ubuntu 8.10:
  ntp                             1:4.2.4p4+dfsg-6ubuntu2.4

Ubuntu 9.04:
  ntp                             1:4.2.4p4+dfsg-7ubuntu5.2

Ubuntu 9.10:
  ntp                             1:4.2.4p6+dfsg-1ubuntu5.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote
attacker could send a crafted NTP mode 7 packet with a spoofed IP address
of an affected server and cause a denial of service via CPU and disk
resource consumption.
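
A detection sketch for the traffic pattern described above, added here as an example and not taken from the advisory: it reads the mode field of each NTP packet and reports mode 7 packets whose claimed source is one of your own NTP servers. The function names, the threshold and the sample capture are constructed for illustration.

```python
from collections import Counter

MODE_PRIVATE = 7  # "private use" mode in the NTP header, used by ntpdc

def ntp_mode(payload):
    """Return the mode field: the low three bits of the first header byte."""
    if not payload:
        raise ValueError("empty UDP payload")
    return payload[0] & 0x07

def mode7_from_own_servers(packets, ntp_servers, threshold=2):
    """packets: (src_ip, dst_ip, udp_payload) tuples captured on UDP port 123.

    Counts mode 7 packets per (src, dst) pair and returns the pairs where
    the claimed source is one of our own ntpd hosts and the count reaches
    the threshold. Assumption: ntpd hosts here never send mode 7 to each
    other or to themselves, so such traffic points to a spoofed source.
    """
    servers = set(ntp_servers)
    hits = Counter()
    for src, dst, payload in packets:
        if not payload or ntp_mode(payload) != MODE_PRIVATE:
            continue
        if src in servers and dst in servers:
            hits[(src, dst)] += 1
    return {pair: n for pair, n in hits.items() if n >= threshold}

# Constructed sample capture (documentation addresses, made-up payloads).
SERVERS = ["192.0.2.10", "192.0.2.11"]
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", bytes([0x23]) + bytes(47)),  # v4 client, mode 3
    ("192.0.2.10", "198.51.100.7", bytes([0x24]) + bytes(47)),  # v4 server, mode 4
    ("192.0.2.11", "192.0.2.10", bytes([0x17]) + bytes(7)),     # mode 7, src = peer
    ("192.0.2.11", "192.0.2.10", bytes([0x17]) + bytes(7)),
    ("192.0.2.10", "192.0.2.10", bytes([0x17]) + bytes(7)),     # mode 7, src = self
    ("203.0.113.5", "192.0.2.10", bytes([0x17]) + bytes(7)),    # mode 7, outside host
]
```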

