diff options
| author | Andrej Valek <andrej.valek@siemens.com> | 2017-04-06 09:07:37 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-10 23:00:42 +0100 |
| commit | 36b2865318c78d0d79cca8aafb06c4e993a00471 (patch) | |
| tree | c2641b8aa51810406188a905060555490fe153cf /meta/recipes-core/busybox | |
| parent | 74d7d12b3760d0b149538c0c08cddb0e3db3b012 (diff) | |
| download | poky-36b2865318c78d0d79cca8aafb06c4e993a00471.tar.gz | |
busybox: Security fix CVE-2016-6301
ntpd: NTP server denial of service flaw
CVE: CVE-2016-6301
(From OE-Core rev: 301dc9df16cce1f4649f90af47159bc21be0de59)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/busybox')
| -rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2016-6301.patch | 37 | ||||
| -rw-r--r-- | meta/recipes-core/busybox/busybox_1.24.1.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch new file mode 100644 index 0000000000..851bc20f79 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | busybox1.24.1: Fix CVE-2016-6301 | ||
| 2 | |||
| 3 | [No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710 | ||
| 4 | |||
| 5 | ntpd: NTP server denial of service flaw | ||
| 6 | |||
| 7 | The busybox NTP implementation doesn't check the NTP mode of packets | ||
| 8 | received on the server port and responds to any packet with the right | ||
| 9 | size. This includes responses from another NTP server. An attacker can | ||
| 10 | send a packet with a spoofed source address in order to create an | ||
| 11 | infinite loop of responses between two busybox NTP servers. Adding | ||
| 12 | more packets to the loop increases the traffic between the servers | ||
| 13 | until one of them has a fully loaded CPU and/or network. | ||
| 14 | |||
| 15 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71] | ||
| 16 | CVE: CVE-2016-6301 | ||
| 17 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
| 18 | Signed-off-by: Pascal Bach <pascal.bach@siemens.com> | ||
| 19 | |||
| 20 | diff --git a/networking/ntpd.c b/networking/ntpd.c | ||
| 21 | index 9732c9b..0f6a55f 100644 | ||
| 22 | --- a/networking/ntpd.c | ||
| 23 | +++ b/networking/ntpd.c | ||
| 24 | @@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/) | ||
| 25 | goto bail; | ||
| 26 | } | ||
| 27 | |||
| 28 | + /* Respond only to client and symmetric active packets */ | ||
| 29 | + if ((msg.m_status & MODE_MASK) != MODE_CLIENT | ||
| 30 | + && (msg.m_status & MODE_MASK) != MODE_SYM_ACT | ||
| 31 | + ) { | ||
| 32 | + goto bail; | ||
| 33 | + } | ||
| 34 | + | ||
| 35 | query_status = msg.m_status; | ||
| 36 | query_xmttime = msg.m_xmttime; | ||
| 37 | |||
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb index 41fc64175e..6013ec9e5d 100644 --- a/meta/recipes-core/busybox/busybox_1.24.1.bb +++ b/meta/recipes-core/busybox/busybox_1.24.1.bb | |||
| @@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ | |||
| 47 | file://CVE-2016-2148.patch \ | 47 | file://CVE-2016-2148.patch \ |
| 48 | file://CVE-2016-2147.patch \ | 48 | file://CVE-2016-2147.patch \ |
| 49 | file://CVE-2016-2147_2.patch \ | 49 | file://CVE-2016-2147_2.patch \ |
| 50 | file://CVE-2016-6301.patch \ | ||
| 50 | file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \ | 51 | file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \ |
| 51 | file://makefile-fix-backport.patch \ | 52 | file://makefile-fix-backport.patch \ |
| 52 | file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \ | 53 | file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \ |