[j-nsp] ntpd vulnerability
Jean Benoit
jean at unistra.fr
Tue Dec 23 10:01:58 EST 2014
Hello,
Does anyone know if Juniper has issued a patched version
of JunOS for the following vulnerabilities in ntpd?
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8
allow remote attackers to execute arbitrary code via a crafted
packet, related to (1) the crypto_recv function when the Autokey
Authentication feature is used, (2) the ctl_putdata function,
and (3) the configure function.
(1) http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_crypto_recv
(2) http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata
(3) http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_configure
Buffer overflows (2) and (3) have no mitigation except upgrading
ntp to 4.2.8 or filtering ntp packets. (1) depends on having "crypto
..." directives in ntp.conf.
ntpd on JunOS 11.4 seems to be based on ntpd 4.2.0 and is likely
vulnerable.
$ strings ntpd | grep ntpd.4
ntpd 4.2.0-a Fri Mar 1 08:50:44 UTC 2013 (1)
--
Jean BENOIT
Université de Strasbourg
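
The manual check in the message above (version banner from the binary, plus "crypto" directives in ntp.conf) can be scripted. This is an added example, not part of the original post and not Juniper or NTP project code; the function names and the sample ntp.conf are constructed for illustration.

```shell
#!/bin/sh
# Triage an ntpd banner and ntp.conf against CVE-2014-9295 (NTP before 4.2.8).

# Read banner text on stdin, print the dotted version, e.g. "4.2.0".
ntpd_banner_version() {
    sed -n 's/^ntpd \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 is strictly lower than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Succeed when the config file has an uncommented "crypto" directive,
# the condition the message gives for overflow (1), crypto_recv.
has_crypto_directive() {
    grep -Eq '^[[:space:]]*crypto([[:space:]]|$)' "$1"
}

# assess BANNER CONF: print which of the three overflows are in scope.
assess() {
    ver=$(printf '%s\n' "$1" | ntpd_banner_version)
    if [ -z "$ver" ]; then echo "unknown-version"; return; fi
    if ! version_lt "$ver" "4.2.8"; then echo "4.2.8-or-later"; return; fi
    if has_crypto_directive "$2"; then
        echo "pre-4.2.8: crypto_recv ctl_putdata configure"
    else
        echo "pre-4.2.8: ctl_putdata configure"
    fi
}

# Demo: banner quoted in the message, ntp.conf constructed for this example.
conf=$(mktemp)
printf 'server 192.0.2.1\ncrypto pw constructed-example\n' > "$conf"
assess 'ntpd 4.2.0-a Fri Mar 1 08:50:44 UTC 2013 (1)' "$conf"
rm -f "$conf"
```

A banner below 4.2.8 is an indicator only; a vendor build can carry backported fixes under an old version string.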