From: Harlan Stenn Date: Fri, 27 May 2016 05:37:19 +0000 (-0700) Subject: [Sec3043] - validate origin timestamps on bad MACs, too. stenn@ntp.org X-Git-Tag: NTP_4_2_8P8~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e38c41cad6da138b463f0990f8276e78273d201;p=thirdparty%2Fntp.git [Sec3043] - validate origin timestamps on bad MACs, too. stenn@ntp.org bk: 5747dd0fk9FN_tD9dhCQXHL8TNSdWw --- diff --git a/ChangeLog b/ChangeLog index 05fd404d5..4fdad3d64 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,8 +2,9 @@ * [Sec 3042] Broadcast Interleave. HStenn. * [Sec 3043] Autokey association reset. perlinger@ntp.org, stenn@ntp.org - - fixes [Sec 3044] (partially) and [Sec 3045], too. + - validate origin timestamps on bad MACs, too. stenn@ntp.org * [Sec 3044] Spoofed server packets are partially processed. HStenn. +* [Sec 3045] Bad authentication demobilizes ephemeral associations. JPerlinger. * [Sec 3046] CRYPTO_NAK crash. stenn@ntp.org * [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org - provide build environment diff --git a/NEWS b/NEWS index 17aef6071..6d841198a 100644 --- a/NEWS +++ b/NEWS @@ -10,7 +10,7 @@ following 1 high- and 4 low-severity vulnerabilities" * CRYPTO_NAK crash Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 - References: Sec 3046 / CVE-2016-4957 / VU#BBBBB + References: Sec 3046 / CVE-2016-4957 / VU#321640 Affects: ntp-4.2.8p7, and ntp-4.3.92. CVSS2: HIGH 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CVSS3: HIGH 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H @@ -28,7 +28,7 @@ following 1 high- and 4 low-severity vulnerabilities" * Bad authentication demobilizes ephemeral associations Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 - References: Sec 3045 / CVE-2016-4953 + References: Sec 3045 / CVE-2016-4953 / VU#321640 Affects: ntp-4, up to but not including ntp-4.2.8p8, and ntp-4.3.0 up to, but not including ntp-4.3.93. CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 
@@ -46,7 +46,7 @@ following 1 high- and 4 low-severity vulnerabilities" * Processing spoofed server packets Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 - References: Sec 3044 / CVE-2016-4954 + References: Sec 3044 / CVE-2016-4954 / VU#321640 Affects: ntp-4, up to but not including ntp-4.2.8p8, and ntp-4.3.0 up to, but not including ntp-4.3.93. CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) @@ -60,20 +60,20 @@ following 1 high- and 4 low-severity vulnerabilities" Upgrade to 4.2.8p8, or later, from the NTP Project Download Page or the NTP Public Services Project Download Page Properly monitor your ntpd instances. - Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + Credit: This weakness was discovered by Jakub Prokes of Red Hat. * Autokey association reset Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 - References: Sec 3043 / CVE-2016-4955 + References: Sec 3043 / CVE-2016-4955 / VU#321640 Affects: ntp-4, up to but not including ntp-4.2.8p8, and ntp-4.3.0 up to, but not including ntp-4.3.93. CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) CVSS3: LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Summary: An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at - the target machine can send a CRYPTO_NAK and cause the - association's peer variables to be cleared. If this can be done - often enough, it will prevent that association from working. + the target machine can send a CRYPTO_NAK or a bad MAC and cause + the association's peer variables to be cleared. If this can be + done often enough, it will prevent that association from working. Mitigation: Implement BCP-38. Upgrade to 4.2.8p8, or later, from the NTP Project Download Page 
@@ -83,7 +83,7 @@ following 1 high- and 4 low-severity vulnerabilities" * Broadcast interleave Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 - References: Sec 3042 / CVE-2016-4956 + References: Sec 3042 / CVE-2016-4956 / VU#321640 Affects: ntp-4, up to but not including ntp-4.2.8p8, and ntp-4.3.0 up to, but not including ntp-4.3.93. CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 7809fb4a3..513b99f68 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -1682,8 +1682,9 @@ receive( /* * Check for valid nonzero timestamp fields. */ - } else if (L_ISZERO(&p_org) || L_ISZERO(&p_rec) || - L_ISZERO(&peer->dst)) { + } else if ( L_ISZERO(&p_org) + || L_ISZERO(&p_rec) + || L_ISZERO(&peer->dst)) { peer->flash |= TEST3; /* unsynch */ /* @@ -1699,6 +1700,8 @@ receive( return; /* Bogus packet, we are done */ } + /**/ + /* * If this is a crypto_NAK, the server cannot authenticate a * client packet. The server might have just changed keys. Clear @@ -1715,8 +1718,9 @@ receive( return; } #ifdef AUTOKEY - if (peer->crypto) + if (peer->crypto) { peer_clear(peer, "AUTH"); + } #endif /* AUTOKEY */ return; 
@@ -1730,21 +1734,30 @@ receive( */ } else if (!AUTH(peer->keyid || has_mac || (restrict_mask & RES_DONTTRUST), is_authentic)) { + + if (peer->flash & PKT_TEST_MASK) { + msyslog(LOG_INFO, + "receive: Bad auth in packet with bad timestamps from %s denied - spoof?", + ntoa(&peer->srcadr)); + return; + } + report_event(PEVNT_AUTH, peer, "digest"); peer->flash |= TEST5; /* bad auth */ peer->badauth++; if ( has_mac - && (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)) + && ( hismode == MODE_ACTIVE + || hismode == MODE_PASSIVE)) fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask); if (peer->flags & FLAG_PREEMPT) { if (unpeer_digest_early) { unpeer(peer); } - return; } #ifdef AUTOKEY - if (peer_clear_digest_early && peer->crypto) + else if (peer_clear_digest_early && peer->crypto) { peer_clear(peer, "AUTH"); + } #endif /* AUTOKEY */ return; }
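Review bot: In the receive() hunk at -1730, the new early return `if (peer->flash & PKT_TEST_MASK)` exits before `report_event(PEVNT_AUTH, peer, "digest")`, `peer->flash |= TEST5` and `peer->badauth++`, so a bad-MAC packet that also fails the timestamp tests is neither counted nor reported through the normal event path; the NEWS mitigation tells operators to "Properly monitor your ntpd instances", which is harder when these packets are visible only as an unconditional `msyslog(LOG_INFO, ...)` line. Since this branch is reached by unauthenticated packets, consider counting them on the peer (or a global statistic) and rate-limiting or demoting the syslog call so a stream of such packets cannot fill the log. Separately, dropping the `return;` inside `if (peer->flags & FLAG_PREEMPT)` and turning the `#ifdef AUTOKEY` block into `else if (peer_clear_digest_early && peer->crypto)` makes the control flow depend on an `else` that binds across a preprocessor boundary: with AUTOKEY undefined the preempt branch falls straight to the final `return;`, with it defined the `else if` keeps the peer_clear off the preempt path. That is correct as written, but the explicit `return;` after `unpeer(peer)` made it obvious that nothing touches the association after it is unpeered; keeping that `return;` (or moving the AUTOKEY branch into an explicit `else { ... }` outside the `#ifdef`) would preserve that guarantee for anyone who later adds code between `#endif` and `return;`.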
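Review bot: The hunk at -1699 adds a bare `+ /**/` line with no content between the "Bogus packet, we are done" return and the crypto-NAK comment block; it reads as a leftover placeholder and should either be removed or replaced with the comment it was meant to hold.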
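Review bot: The hunks at -1682 and -1715 are whitespace-only restyling of the `L_ISZERO(...)` condition and added braces around `peer_clear(peer, "AUTH")`, with no behavioural change; mixing such cosmetic edits into a security fix that distributions will backport makes the diff noisier than it needs to be, so consider carrying them in a separate commit.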