  • [SECURITY] [DSA 1948-1] New ntp packages fix denial of service (1/2)

    From Nico Golde@1:229/2 to All on Tue Dec 8 20:10:02 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1908-1                  [email protected]
    http://www.debian.org/security/                           Nico Golde
    December 8th, 2009                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : ntp
    Vulnerability : denial of service
    Problem type : remote
    Debian-specific: no
    Debian bug : 560074
    CVE ID : CVE-2009-3563

    Robin Park and Dmitri Vinokurov discovered that the daemon component of
    the ntp package, a reference implementation of the NTP protocol, is
    not properly reacting to certain incoming packets.

    An unexpected NTP mode 7 packet (MODE_PRIVATE) with spoofed IP data can
    lead ntpd to reply with a mode 7 response to the spoofed address. This
    may result in the service playing packet ping-pong with other ntp
    servers or even itself, which causes CPU usage and excessive disk use
    due to logging. An attacker can use this to conduct denial of service
    attacks.


    For the oldstable distribution (etch), this problem has been fixed in
    version 1:4.2.2.p4+dfsg-2etch4.

    For the stable distribution (lenny), this problem has been fixed in
    version 1:4.2.4p4+dfsg-8lenny3.

    For the testing (squeeze) and unstable (sid) distribution, this problem
    will be fixed soon.


    We recommend that you upgrade your ntp packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch
    - -------------------------------

    Debian (oldstable)
    - ------------------

    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
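
The advisory above describes ntpd answering mode 7 packets so that two servers, or one server and itself, keep bouncing replies. The following is an added detection example, not part of the advisory or of the ntp code; the record layout, the thresholds, the port-123-on-both-ends heuristic and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

NTP_PORT, MODE_PRIVATE = 123, 7   # mode 7 is the private mode used by ntpdc

def is_mode7(payload):
    """The mode is the low three bits of the first octet of an NTP packet."""
    return len(payload) >= 1 and (payload[0] & 0x07) == MODE_PRIVATE

def find_pingpong(records, min_packets=20, window=1.0):
    """records: (ts, src, sport, dst, dport, payload) tuples from UDP/123.
    Returns [(hosts, packets)] for host pairs, or one host talking to itself,
    that bounce mode 7 packets port 123 <-> port 123; packets is the largest
    count seen in any `window` seconds. Thresholds are assumed; tune per site."""
    hits = defaultdict(list)            # frozenset of both hosts -> [(ts, src)]
    for ts, src, sport, dst, dport, payload in records:
        # Heuristic: a daemon answering a daemon has port 123 on both ends.
        if sport == NTP_PORT == dport and is_mode7(payload):
            hits[frozenset((src, dst))].append((ts, src))
    alerts = []
    for hosts, seen in hits.items():
        if len({src for _, src in seen}) < len(hosts):
            continue                    # one direction only: nothing replied
        seen.sort()
        start = best = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_packets:
            alerts.append((tuple(sorted(hosts)), best))
    return sorted(alerts)

def constructed_sample():
    """Constructed records using documentation addresses, not a real capture."""
    m7, m3, m4 = bytes([0x97, 0, 0, 0]), bytes([0x23]) + bytes(47), bytes([0x24]) + bytes(47)
    rec = []
    for i in range(40):                 # two daemons answering each other
        a, b = ("192.0.2.1", "192.0.2.2") if i % 2 == 0 else ("192.0.2.2", "192.0.2.1")
        rec.append((i * 0.01, a, 123, b, 123, m7))
    for i in range(25):                 # one daemon answering itself
        rec.append((5 + i * 0.01, "192.0.2.3", 123, "192.0.2.3", 123, m7))
    for i in range(30):                 # one-way mode 7 that is never answered
        rec.append((9 + i * 0.01, "192.0.2.9", 123, "192.0.2.1", 123, m7))
    rec.append((20.0, "198.51.100.7", 40000, "192.0.2.1", 123, m3))  # client query
    rec.append((20.1, "192.0.2.1", 123, "198.51.100.7", 40000, m4))  # server reply
    rec.append((21.0, "198.51.100.8", 51000, "192.0.2.1", 123, bytes([0x17, 0, 0, 0])))
    return rec

if __name__ == "__main__":
    print(find_pingpong(constructed_sample()))
```

The unanswered one-way stream is deliberately not flagged: it is what the same traffic looks like when the receiving daemon does not reply, so an alert here points at a host that still does.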