The press has caught wind of security advisories for ntp today (December 19): http://www.zdnet.com/article/major-ntp-security-holes-appears-and-are-being-exploited/ Fedora committed patches in git 5 hours ago. Patched packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys (CVE-2014-9294). A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process (CVE-2014-9295). A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296). The ntp package has been patched to fix these issues. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://support.ntp.org/bin/view/Main/SecurityNotice#Resolved_Vulnerabilities https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 http://www.kb.cert.org/vuls/id/852879 https://bugzilla.redhat.com/show_bug.cgi?id=1176032 https://bugzilla.redhat.com/show_bug.cgi?id=1176035 https://bugzilla.redhat.com/show_bug.cgi?id=1176037 https://bugzilla.redhat.com/show_bug.cgi?id=1176040 ======================== Updated packages in core/updates_testing: ======================== ntp-4.2.6p5-15.2.mga4 ntp-client-4.2.6p5-15.2.mga4 ntp-doc-4.2.6p5-15.2.mga4 from ntp-4.2.6p5-15.2.mga4.src.rpm Reproducible: Steps to Reproduce:
Testing on Mageia 4x64 real hardware From current packages : --------------------- ntp-4.2.6p5-15.mga4 ntp-client-4.2.6p5-15.mga4 # systemctl status -l ntpd ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled) Active: active (running) # ls -lsha /etc/ntp/* 4,0K -rw-r----- 1 root ntp 73 janv. 23 2014 /etc/ntp/keys 0 -rw-r--r-- 1 root root 0 nov. 15 17:32 /etc/ntp/step-tickers To updated testing packages : --------------------------- ntp-4.2.6p5-15.2.mga4 ntp-client-4.2.6p5-15.2.mga4 ntp-doc-4.2.6p5-15.2.mga4 # systemctl restart ntpd # systemctl status -l ntpd ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled) Active: active (running) since sam. 2014-12-20 13:04:13 CET; 7s ago # ls -lsha /etc/ntp/* 4,0K -rw-r----- 1 root ntp 73 déc. 20 01:11 /etc/ntp/keys 0 -rw-r--r-- 1 root root 0 déc. 20 13:03 /etc/ntp/step-tickers ntp/keys has been renewed. Stopped ntpd, changed time to a wrong one, restarted ntpd, time was automatically updated and changed back. Seems OK.
CC: (none) => olchalWhiteboard: (none) => MGA4-64-OK
Testing complete mga4 32 As Olivier in comment 1. Also checked ntp-keygen and verified it is using openssl. # ntp-keygen Using OpenSSL version OpenSSL 1.0.1e 11 Feb 2013 ..etc # ntptime ntp_gettime() returns code 0 (OK) time d83ff070.c9896954 Sat, Dec 20 2014 12:56:16.787, (.787253342), maximum error 471737 us, estimated error 965 us, TAI offset 0 ntp_adjtime() returns code 0 (OK) ...etc
Whiteboard: MGA4-64-OK => MGA4-64-OK mga4-32-ok
Advisory uploaded. Validating. Could sysadmin please push to 4 updates Thanks
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: MGA4-64-OK mga4-32-ok => has_procedure advisory MGA4-64-OK mga4-32-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0541.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
URL: (none) => http://lwn.net/Vulnerabilities/627312/