[j-nsp] ntpd vulnerability

Jean Benoit jean at unistra.fr
Tue Dec 23 10:01:58 EST 2014


Hello,

Does anyone know if Juniper has issued a patched version
of JunOS for the following vulnerabilities in ntpd?

	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295

	Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8
	allow remote attackers to execute arbitrary code via a crafted
	packet, related to (1) the crypto_recv function when the Autokey
	Authentication feature is used, (2) the ctl_putdata function,
	and (3) the configure function.

	(1) http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_crypto_recv
	(2) http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata
	(3) http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_configure

Buffer overflows (2) and (3) have no mitigation except upgrading
ntp to 4.2.8 or filtering ntp packets. (1) depends on having "crypto
..." directives in ntp.conf.

ntpd on JunOS 11.4 seems to be based on ntpd 4.2.0 and is likely
vulnerable.

	$ strings ntpd | grep ntpd.4
	ntpd 4.2.0-a Fri Mar  1 08:50:44 UTC 2013 (1)

-- 
Jean BENOIT
Université de Strasbourg
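
Added example (not part of the original post, and not Juniper or NTP project code): a shell triage that applies the checks described in the message, comparing the version in an ntpd banner against 4.2.8 and looking for "crypto" directives in ntp.conf text. The function names and the sample ntp.conf are constructed for illustration; a banner comparison cannot see vendor-backported fixes, so a result below 4.2.8 means "check with the vendor", not proof of exposure.

```shell
#!/bin/sh
# Triage for CVE-2014-9295 based on an ntpd version banner and ntp.conf text.
FIXED_VERSION="4.2.8"   # advisory text: "NTP before 4.2.8"

# Print the dotted x.y.z version found in a banner line, or nothing.
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^ntpd \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed if version $1 is strictly lower than $2 (numeric, field by field).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # splits both versions: a.b.c d.e.f -> $1..$6
    IFS=$old_ifs
    if [ "$1" -lt "$4" ]; then return 0; fi
    if [ "$1" -gt "$4" ]; then return 1; fi
    if [ "$2" -lt "$5" ]; then return 0; fi
    if [ "$2" -gt "$5" ]; then return 1; fi
    if [ "$3" -lt "$6" ]; then return 0; fi
    return 1
}

# Succeed if the config text has an active (uncommented) "crypto" directive,
# the precondition the post gives for the crypto_recv overflow.
conf_has_crypto() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*crypto([[:space:]]|$)'
}

# Print a one-line verdict for a banner ($1) and config text ($2).
triage() {
    ver=$(banner_version "$1")
    if [ -z "$ver" ]; then echo "unknown: no ntpd version in banner"; return 0; fi
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        echo "ok-by-version: $ver is not below $FIXED_VERSION"; return 0
    fi
    scope="ctl_putdata,configure"
    if conf_has_crypto "$2"; then scope="crypto_recv,$scope"; fi
    echo "affected-by-version: $ver < $FIXED_VERSION; overflows in scope: $scope"
}

# Banner as quoted in the post; the ntp.conf text below is constructed.
BANNER='ntpd 4.2.0-a Fri Mar  1 08:50:44 UTC 2013 (1)'
SAMPLE_CONF='server 192.0.2.1
# crypto pw constructed-passphrase'
triage "$BANNER" "$SAMPLE_CONF"
```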

