[j-nsp] ntpd vulnerability

Ivan Ivanov ivanov.ivan at gmail.com
Wed Dec 24 06:30:15 EST 2014


Hi,

Check this out!

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR931184

HTH,
Ivan,



On Tue, Dec 23, 2014 at 5:01 PM, Jean Benoit <jean at unistra.fr> wrote:

> Hello,
>
> Does anyone know if Juniper has issued a patched version
> of JunOS for the following vulnerabilities in ntpd ?
>
>         http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295
>
>         Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8
>         allow remote attackers to execute arbitrary code via a crafted
>         packet, related to (1) the crypto_recv function when the Autokey
>         Authentication feature is used, (2) the ctl_putdata function,
>         and (3) the configure function.
>
>         (1)
> http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_crypto_recv
>         (2)
> http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata
>         (3)
> http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_configure
>
> Buffer overflows (2) and (3) have no mitigation except upgrading
> ntp to 4.2.8 or filtering ntp packets. (1) depends on having "crypto
> ..." directives in ntp.conf.
>
> ntpd on JunOS 11.4 seems to be based on ntpd 4.2.0 and is likely
> vulnerable.
>
>         $strings ntpd |grep ntpd.4
>         ntpd 4.2.0-a Fri Mar  1 08:50:44 UTC 2013 (1)
>
> --
> Jean BENOIT
> Université de Strasbourg
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp




-- 
Best Regards!

Ivan Ivanov


More information about the juniper-nsp mailing list