Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad3ccc0f by Salvatore Bonaccorso at 2020-08-14T21:18:00+02:00
Mark CVE-2020-13817 as not affecting ntpsec

Source-wise, ntpsec implements/covers already
<https://tools.ietf.org/html/draft-ietf-ntp-data-minimization-04>.

Quoting the upstream answer:

> That bug talks about feeding bogus time to a system by guessing the transmit
> time stamp.
>
> When ntpd gets a response, it drops responses where the time-stamp it sent
> doesn't match the corresponding slot in the reply. The idea is that most of
> the bits in that slot are predictable so an off path attacker has a good
> chance of getting a bogus response through by guessing the value the server is
> expecting.
>
> There is a draft in the pipeline:
> https://tools.ietf.org/html/draft-ietf-ntp-data-minimization-04
> We implement that.
>
> I don't know if the authors considered this particular case, but they covered
> it. We send a random value in that slot (and keep the time in our back
> pocket) so similar attacks are unlikely to work

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -22395,11 +22395,11 @@ CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remo [buster] - ntp <ignored> (Minor issue) [stretch] - ntp <ignored> (Minor issue) [jessie] - ntp <ignored> (Too intrusive to backport, requires new configuration) + - ntpsec <not-affected> (Doesn't affect ntpsec per upstream, #964395) NOTE: http://support.ntp.org/bin/view/Main/NtpBug3596 NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596 NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e312021VVVkyioYBR_aeIP1LqMCVg (4.2.8p14) NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e4a536dzxRWAzMw-KsKjm04l6joNA (4.2.8p14) - TODO: check ntpsec, cf. #964395 CVE-2020-13816 REJECTED CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad3ccc0fd9b446ad086d00bb1575ade6e80afb51 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad3ccc0fd9b446ad086d00bb1575ade6e80afb51 You're receiving this email because of your account on salsa.debian.org.
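Review bot: the added `- ntpsec <not-affected> (Doesn't affect ntpsec per upstream, #964395)` line records only the bug number, while the actual rationale (ntpsec randomizes the transmit-timestamp slot per draft-ietf-ntp-data-minimization-04) lives only in the commit message; consider adding a `NOTE: https://tools.ietf.org/html/draft-ietf-ntp-data-minimization-04` line next to the existing NOTE entries so the tracker entry explains itself without the commit history. Removing the `TODO: check ntpsec, cf. #964395` line in the same hunk is consistent with the new status.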
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
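The origin-timestamp check and the randomized transmit slot that the quoted upstream reply describes, as an added Python example that is not part of this commit or of ntpsec's own code. It assumes the RFC 5905 48-byte header layout; the stratum, reference ID and the forged reply are constructed for the demonstration.

```python
import os
import struct
import time
from typing import Optional

# NTPv4 header: LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then four 64-bit timestamps: reference, origin, receive, transmit.
NTP = struct.Struct("!BBBbIIIQQQQ")
MODE_CLIENT, MODE_SERVER = 3, 4
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def now_ntp64() -> int:
    """Wall clock as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    t = time.time() + NTP_EPOCH_OFFSET
    return (int(t) << 32) | int((t % 1) * (1 << 32))

def fresh_origin_nonce() -> int:
    """Random 64-bit value for the transmit slot (the data-minimization draft's approach)."""
    return int.from_bytes(os.urandom(8), "big")

def build_request(xmt_field: int) -> bytes:
    """Mode-3 client request; xmt_field fills the transmit-timestamp slot (bytes 40..47)."""
    return NTP.pack((4 << 3) | MODE_CLIENT, 0, 0, 0, 0, 0, 0, 0, 0, 0, xmt_field)

def build_reply(request: bytes, origin_override: Optional[int] = None) -> bytes:
    """Mode-4 server reply; a genuine server copies the request's transmit slot into origin."""
    req = NTP.unpack(request)
    origin = req[10] if origin_override is None else origin_override
    t = now_ntp64()
    return NTP.pack((4 << 3) | MODE_SERVER, 2, 0, -20, 0, 0, 0x47505300, t, origin, t, t)

def accept_reply(reply: bytes, expected_origin: int) -> bool:
    """The check the commit message describes: drop replies whose origin slot does not
    match what we put in our request's transmit slot (a zero origin is never valid)."""
    if len(reply) != NTP.size:
        return False
    fields = NTP.unpack(reply)
    if fields[0] & 0x07 != MODE_SERVER:
        return False
    return fields[8] == expected_origin != 0

def demo() -> tuple:
    """Returns (genuine reply accepted, constructed off-path reply rejected)."""
    nonce = fresh_origin_nonce()   # goes on the wire in the transmit slot
    sent_at = now_ntp64()          # the real send time, kept "in our back pocket"
    request = build_request(nonce)
    genuine = build_reply(request)
    # Constructed forgery: a sender who never saw the request fills origin from the wall
    # clock, which only works when the transmit slot carried a predictable timestamp.
    forged = build_reply(request, origin_override=sent_at)
    return accept_reply(genuine, nonce), not accept_reply(forged, nonce)
```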
