summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2016-6301.patch37
-rw-r--r--meta/recipes-core/busybox/busybox_1.24.1.bb1
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000000..851bc20f79
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
@@ -0,0 +1,37 @@
1busybox1.24.1: Fix CVE-2016-6301
2
3[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
4
5ntpd: NTP server denial of service flaw
6
7The busybox NTP implementation doesn't check the NTP mode of packets
8received on the server port and responds to any packet with the right
9size. This includes responses from another NTP server. An attacker can
10send a packet with a spoofed source address in order to create an
11infinite loop of responses between two busybox NTP servers. Adding
12more packets to the loop increases the traffic between the servers
13until one of them has a fully loaded CPU and/or network.
14
15Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
16CVE: CVE-2016-6301
17Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
18Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
19
20diff --git a/networking/ntpd.c b/networking/ntpd.c
21index 9732c9b..0f6a55f 100644
22--- a/networking/ntpd.c
23+++ b/networking/ntpd.c
24@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/)
25 goto bail;
26 }
27
28+ /* Respond only to client and symmetric active packets */
29+ if ((msg.m_status & MODE_MASK) != MODE_CLIENT
30+ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
31+ ) {
32+ goto bail;
33+ }
34+
35 query_status = msg.m_status;
36 query_xmttime = msg.m_xmttime;
37
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index 41fc64175e..6013ec9e5d 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
47 file://CVE-2016-2148.patch \ 47 file://CVE-2016-2148.patch \
48 file://CVE-2016-2147.patch \ 48 file://CVE-2016-2147.patch \
49 file://CVE-2016-2147_2.patch \ 49 file://CVE-2016-2147_2.patch \
50 file://CVE-2016-6301.patch \
50 file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \ 51 file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \
51 file://makefile-fix-backport.patch \ 52 file://makefile-fix-backport.patch \
52 file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \ 53 file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \