aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorAndrej Valek <andrej.valek@siemens.com>2017-04-06 09:07:37 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-05-18 13:04:47 +0100
commitdafbf8a9e9ed068ecbf22cc816f9a6a3a2da7aa9 (patch)
treefc2e5c1730237c61d3ca322d704189bb4a79c524 /meta/recipes-core
parent4d9fcf9f2fa573218cda3a133e0da34c4185838a (diff)
downloadopenembedded-core-dafbf8a9e9ed068ecbf22cc816f9a6a3a2da7aa9.tar.gz
busybox: Security fix CVE-2016-6301
ntpd: NTP server denial of service flaw CVE: CVE-2016-6301 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 301dc9df16cce1f4649f90af47159bc21be0de59) Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2016-6301.patch37
-rw-r--r--meta/recipes-core/busybox/busybox_1.24.1.bb1
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000000..851bc20f79
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
@@ -0,0 +1,37 @@
+busybox1.24.1: Fix CVE-2016-6301
+
+[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
+
+ntpd: NTP server denial of service flaw
+
+The busybox NTP implementation doesn't check the NTP mode of packets
+received on the server port and responds to any packet with the right
+size. This includes responses from another NTP server. An attacker can
+send a packet with a spoofed source address in order to create an
+infinite loop of responses between two busybox NTP servers. Adding
+more packets to the loop increases the traffic between the servers
+until one of them has a fully loaded CPU and/or network.
+
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
+CVE: CVE-2016-6301
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+
+diff --git a/networking/ntpd.c b/networking/ntpd.c
+index 9732c9b..0f6a55f 100644
+--- a/networking/ntpd.c
++++ b/networking/ntpd.c
+@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/)
+ goto bail;
+ }
+
++ /* Respond only to client and symmetric active packets */
++ if ((msg.m_status & MODE_MASK) != MODE_CLIENT
++ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
++ ) {
++ goto bail;
++ }
++
+ query_status = msg.m_status;
+ query_xmttime = msg.m_xmttime;
+
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index f6c759584f..cb4568854c 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://CVE-2016-2148.patch \
file://CVE-2016-2147.patch \
file://CVE-2016-2147_2.patch \
+ file://CVE-2016-6301.patch \
file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \
file://makefile-fix-backport.patch \
file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \