[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20091208222902.GE26756@severus.strandboge.com>
Date: Tue, 8 Dec 2009 16:29:02 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-867-1] Ntp vulnerability
===========================================================
Ubuntu Security Notice USN-867-1 December 08, 2009
ntp vulnerability
CVE-2009-3563
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
ntp 1:4.2.0a+stable-8.1ubuntu6.3
ntp-server 1:4.2.0a+stable-8.1ubuntu6.3
Ubuntu 8.04 LTS:
ntp 1:4.2.4p4+dfsg-3ubuntu2.3
Ubuntu 8.10:
ntp 1:4.2.4p4+dfsg-6ubuntu2.4
Ubuntu 9.04:
ntp 1:4.2.4p4+dfsg-7ubuntu5.2
Ubuntu 9.10:
ntp 1:4.2.4p6+dfsg-1ubuntu5.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote
attacker could send a crafted NTP mode 7 packet with a spoofed IP address
of an affected server and cause a denial of service via CPU and disk
resource consumption.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz
Size/MD5: 262833 1fdb567debfe1ce10ffc44ec492d4aa5
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc
Size/MD5: 872 a6f59fefbf4050684aa38de8b24c54b3
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz
Size/MD5: 2272395 30f8b3d5b970c14dce5c6d8c922afa3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb
Size/MD5: 891204 35969710cca05eabef8399e53de0bdb5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 35022 cf299ac36cb52399b7b80a7aa6b00c77
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 136402 14d2d9f6ec9a8f4edb2d674538b642a8
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 270524 05dfaa4fdf895ebfdf61ee43d97ef9c6
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 47932 ee2a72cdc8d20e545443bbcf086c6f82
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 224268 d9daac981b2dd6d16d69d4bfc0f1d4bf
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 33926 4a79ecdb4d1fa3d407fca23c00292a9d
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 121710 77db2cb6c9daa84d6174fbe277a96c44
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 256764 7aeb8e664a3ff16608fc880a108a8645
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 44598 1e3067b9f7fee43a3f0b18ec9d4b356b
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 198516 a0066ee286571189f7f6099bd8a2c220
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 37162 3b19f883b00809d36ae9bd79114955c1
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 135184 d1419b2d9aff1392c78bab2911114c2a
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 271468 856ffca2e1d79bfd730aec3bcc1ce497
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 49266 2cee0d14d9d1deafb78b26041d1ed05a
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 222168 42ef5dfaddb9e1fe9b9933119cdbe9ab
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 34428 09539a35a435d11f12ed9f5bd9534771
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 126814 8e2066b695d32e08355bfdc0f571c705
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 261652 1e4142216eb7ff527ce1f59b2ad2d0af
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 46790 7d456f67bea9e6c3f2452a5d6a847f67
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 207566 433dca719ea61cca73b993a530299fae
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz
Size/MD5: 287172 dfb60aa2cd60f61907856f5b50c8fc46
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc
Size/MD5: 1046 251a7ead6fcf835535176b89ed7cc3d4
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb
Size/MD5: 928116 28eb96c89717c9fdfe39b3f140428484
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb
Size/MD5: 477388 bc91b335e5963954d4284d0b57b37c40
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb
Size/MD5: 65194 185195f8e2df78f7dfbba5b88be482ce
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb
Size/MD5: 432592 0ec673d7b4507cb992091a7b63007826
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb
Size/MD5: 61224 fbf4533c390ea05b7149e370815983e1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb
Size/MD5: 435450 1be0d440cf6bcf5048139c856b85106b
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb
Size/MD5: 61184 a1b2a4c34beee7210e322b2f05d94095
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb
Size/MD5: 490538 e6adb5a7bde67fc04b543664e6ef748f
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb
Size/MD5: 66780 35b709a20016e07b383362610ae2b45a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb
Size/MD5: 442346 212fc209067ce419756fa2d6f486fd33
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb
Size/MD5: 61964 7937872f5231323d82c98f0ace751a79
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz
Size/MD5: 305723 ea6556c8f4053f2abd79e4cf96633a65
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc
Size/MD5: 1555 fa669b54aac2751215e1fbac226bf51e
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb
Size/MD5: 928754 eaa802a30b795ce27417c0f8fd612564
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb
Size/MD5: 487270 83aef0ae73d841ca98c1aff95b68b974
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb
Size/MD5: 66118 b1d338d727c1fbb479a0298e67cf920c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb
Size/MD5: 442316 9441f50fefcd831651417c8e66353769
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb
Size/MD5: 62320 67f26e8efd2233911b3ee5d5c779da52
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb
Size/MD5: 441714 cc6ffa5cf9f82b707ebf77291c0c7c2b
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb
Size/MD5: 62086 d4c4d6efa2ae6c85b400d73bd39cac8d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb
Size/MD5: 491332 f4016ec402c0665df5241555af9a04ed
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb
Size/MD5: 67198 47c3dd10eae821a9d1abcf77a85d6651
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb
Size/MD5: 449572 4a168bf44988c1da63a39bd14b17b682
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb
Size/MD5: 62834 0ae1f43f7f327de4ab787c911f0fd1ca
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz
Size/MD5: 306032 90b99d80d9e52e4db7e30b96002834b4
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc
Size/MD5: 1556 b6f57df7732c6fd3a29de6d4c65c421d
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb
Size/MD5: 929066 4230567b7ef012596cd5e291df13df76
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb
Size/MD5: 487628 3789b894fe98014ed8b62fc910088d2a
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb
Size/MD5: 66442 b43e6e46f0c035961fa2e382bd883fe2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb
Size/MD5: 442634 efaf8cc0f84114fe6d426827f22e3db4
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb
Size/MD5: 62642 7c9ce030867f9809b49634bdcc2a57a3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb
Size/MD5: 442086 4dd3ea7d09c746a592b0b622f4fcb753
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb
Size/MD5: 62410 77fa9c143489ea55da37adcd9f268e6b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb
Size/MD5: 491526 d04d12ed5ebc7968a90894d92ca094c6
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb
Size/MD5: 67530 55cffc037f6a88b24abd399925e700c3
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb
Size/MD5: 449666 7dbdc0aa05e90a9363dfcae003c3e531
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb
Size/MD5: 63156 4647b041df35cabb86fb0789e3a083ce
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz
Size/MD5: 344395 26dd6961151053346b36474a18d6412f
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc
Size/MD5: 1575 c86cc4fe026ee6830d6564cabeaedc61
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz
Size/MD5: 2836728 bddc66cdc7c35c0cb22cc84cad770c65
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb
Size/MD5: 931324 bcc11545b9399ca7e09268a85fd6eabf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb
Size/MD5: 529994 c766915925a1cccbd27332232a45e016
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb
Size/MD5: 70098 968cdde0e47a775cf13b922c7f2308f5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb
Size/MD5: 490892 83e3785020b3cb659b6559cb51632333
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb
Size/MD5: 66770 34bd54ff829c032049dc8d7340984b4c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb
Size/MD5: 487552 f7ad919e64533aed59112c2fe5c49fd9
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb
Size/MD5: 66316 4a2cd9cdf5cfa46ad3784c37f7c29502
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb
Size/MD5: 528880 401e4a455acdf2a14c5f556e8cae1911
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb
Size/MD5: 69390 9e0e3535fbe3ffe61be245ddd22e5d6c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb
Size/MD5: 499646 6059b8a5f9f216b8de00eed901af902e
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb
Size/MD5: 67272 8d04c1e93ca4acd7a4eaac04008326b3
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists