1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000000..851bc20f79
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
@@ -0,0 +1,37 @@
+busybox1.24.1: Fix CVE-2016-6301
+[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
+ntpd: NTP server denial of service flaw
+The busybox NTP implementation doesn't check the NTP mode of packets
+received on the server port and responds to any packet with the right
+size. This includes responses from another NTP server. An attacker can
+send a packet with a spoofed source address in order to create an
+infinite loop of responses between two busybox NTP servers. Adding
+more packets to the loop increases the traffic between the servers
+until one of them has a fully loaded CPU and/or network.
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
+CVE: CVE-2016-6301
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+diff --git a/networking/ntpd.c b/networking/ntpd.c
+index 9732c9b..0f6a55f 100644
+--- a/networking/ntpd.c
+++ b/networking/ntpd.c
+@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/)
+                goto bail;
+        }
+ 
+       /* Respond only to client and symmetric active packets */
+       if ((msg.m_status & MODE_MASK) != MODE_CLIENT
+        && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
+       ) {
+               goto bail;
+       }
+
+        query_status = msg.m_status;
+        query_xmttime = msg.m_xmttime;
+

diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch new file mode 100644 index 0000000000..851bc20f79 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
@@ -0,0 +1,37 @@
	1	busybox1.24.1: Fix CVE-2016-6301
	2
	3	[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
	4
	5	ntpd: NTP server denial of service flaw
	6
	7	The busybox NTP implementation doesn't check the NTP mode of packets
	8	received on the server port and responds to any packet with the right
	9	size. This includes responses from another NTP server. An attacker can
	10	send a packet with a spoofed source address in order to create an
	11	infinite loop of responses between two busybox NTP servers. Adding
	12	more packets to the loop increases the traffic between the servers
	13	until one of them has a fully loaded CPU and/or network.
	14
	15	Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
	16	CVE: CVE-2016-6301
	17	Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
	18	Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
	19
	20	diff --git a/networking/ntpd.c b/networking/ntpd.c
	21	index 9732c9b..0f6a55f 100644
	22	--- a/networking/ntpd.c
	23	+++ b/networking/ntpd.c
	24	@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /int fd/)
	25	goto bail;
	26	}
	27
	28	+ /* Respond only to client and symmetric active packets */
	29	+ if ((msg.m_status & MODE_MASK) != MODE_CLIENT
	30	+ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
	31	+ ) {
	32	+ goto bail;
	33	+ }
	34	+
	35	query_status = msg.m_status;
	36	query_xmttime = msg.m_xmttime;
	37