mlichvar pushed to ntp (f20). "protect symmetric associations with symmetric key against DoS attack (CVE-2015-1799)"

notifications at fedoraproject.org notifications at fedoraproject.org
Wed Apr 8 12:01:22 UTC 2015 

>From bbb99b114f09ae6dca294eb5d52cac8451ce3b53 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar at redhat.com>
Date: Wed, 8 Apr 2015 13:10:11 +0200
Subject: protect symmetric associations with symmetric key against DoS attack
 (CVE-2015-1799)


diff --git a/ntp-4.2.6p5-cve-2015-1799.patch b/ntp-4.2.6p5-cve-2015-1799.patch
new file mode 100644
index 0000000..10548ab
--- /dev/null
+++ b/ntp-4.2.6p5-cve-2015-1799.patch
@@ -0,0 +1,37 @@
+diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1799 ntp-4.2.6p5/ntpd/ntp_proto.c
+--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1799	2015-04-08 13:06:43.083810350 +0200
++++ ntp-4.2.6p5/ntpd/ntp_proto.c	2015-04-08 13:08:12.679980322 +0200
+@@ -1101,16 +1101,6 @@ receive(
+ 	}
+ 
+ 	/*
+-	 * Update the state variables.
+-	 */
+-	if (peer->flip == 0) {
+-		if (hismode != MODE_BROADCAST)
+-			peer->rec = p_xmt;
+-		peer->dst = rbufp->recv_time;
+-	}
+-	peer->xmt = p_xmt;
+-
+-	/*
+ 	 * If this is a crypto_NAK, the server cannot authenticate a
+ 	 * client packet. The server might have just changed keys. Clear
+ 	 * the association and restart the protocol.
+@@ -1157,6 +1147,16 @@ receive(
+ 	}
+ 
+ 	/*
++	 * Update the state variables.
++	 */
++	if (peer->flip == 0) {
++		if (hismode != MODE_BROADCAST)
++			peer->rec = p_xmt;
++		peer->dst = rbufp->recv_time;
++	}
++	peer->xmt = p_xmt;
++
++	/*
+ 	 * Set the peer ppoll to the maximum of the packet ppoll and the
+ 	 * peer minpoll. If a kiss-o'-death, set the peer minpoll to
+ 	 * this maximumn and advance the headway to give the sender some
diff --git a/ntp.spec b/ntp.spec
index 7079a45..1e5fc42 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -103,6 +103,8 @@ Patch28: ntp-4.2.6p5-cve-2014-9297.patch
 Patch29: ntp-4.2.6p5-cve-2014-9298.patch
 # ntpbz #2779
 Patch36: ntp-4.2.6p5-cve-2015-1798.patch
+# ntpbz #2781
+Patch37: ntp-4.2.6p5-cve-2015-1799.patch
 
 # handle unknown clock types
 Patch50: ntpstat-0.2-clksrc.patch
@@ -218,6 +220,7 @@ This package contains NTP documentation in HTML format.
 %patch28 -p1 -b .cve-2014-9297
 %patch29 -p1 -b .cve-2014-9298
 %patch36 -p1 -b .cve-2015-1798
+%patch37 -p1 -b .cve-2015-1799
 
 # ntpstat patches
 %patch50 -p1 -b .clksrc
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/ntp.git/commit/?h=f20&id=bbb99b114f09ae6dca294eb5d52cac8451ce3b53

More information about the scm-commits mailing list