On 19/12/16 18:24, Nounou Dadoun wrote:
> Just saw this vulnerability come across the CERT mailing list this morning:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6301
>
> The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows
> remote attackers to cause a denial of service (CPU and bandwidth consumption)
> via a forged NTP packet, which triggers a communication loop.
>
> Any plans for a patch? ... N

I am a bit puzzled by this question. There are links on the CERT page you highlight that link directly to a patch that has been applied to the codebase since August.

What plans for a patch do you expect?


Daniel.


-----Original Message-----
From: busybox [mailto:[email protected]] On Behalf Of Nounou Dadoun
Sent: Tuesday, November 22, 2016 2:05 PM
To: [email protected]
Subject: ntpd vulnerability

Hi folks, we use BusyBox v1.22.1 currently and I'm just trying to determine whether or 
not busybox has the recently announced ntpd DoS vulnerability 
(http://www.kb.cert.org/vuls/id/633847 ) - it looks like ntpd.c is "based on" 
openNTPD so it's not entirely clear.  Anybody know?  Thanks .. N


Nou Dadoun
Senior Firmware Developer, Security Specialist


Office: 604.629.5182 ext 2632
Support: 888.281.5182  |  avigilon.com


_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox