[j-nsp] ntpd vulnerability
Ivan Ivanov
ivanov.ivan at gmail.com
Wed Dec 24 06:30:15 EST 2014
Hi,
Check this out!
https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR931184
HTH,
Ivan,
On Tue, Dec 23, 2014 at 5:01 PM, Jean Benoit <jean at unistra.fr> wrote:
> Hello,
>
> Does anyone know if Juniper has issued a patched version
> of JunOS for the following vulnerabilities in ntpd ?
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295
>
> Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8
> allow remote attackers to execute arbitrary code via a crafted
> packet, related to (1) the crypto_recv function when the Autokey
> Authentication feature is used, (2) the ctl_putdata function,
> and (3) the configure function.
>
> (1)
> http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_crypto_recv
> (2)
> http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata
> (3)
> http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_configure
>
> Buffer overflows (2) and (3) have no mitigation except upgrading
> ntp to 4.2.8 or filtering ntp packets. (1) depends on having "crypto
> ..." directives in ntp.conf.
>
> ntpd on JunOS 11.4 seems to be based on ntpd 4.2.0 and is likely
> vulnerable.
>
> $strings ntpd |grep ntpd.4
> ntpd 4.2.0-a Fri Mar 1 08:50:44 UTC 2013 (1)
>
> --
> Jean BENOIT
> Université de Strasbourg
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Best Regards!
Ivan Ivanov
More information about the juniper-nsp
mailing list