[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: RE: ntpd vulnerability
From: Nounou Dadoun <nounou.dadoun () avigilon ! com>
Date: 2016-12-20 17:26:53
Message-ID: 8149AB08BCB1F54F92680ED6104891A0EAE075 () mbx027-w1-ca-4 ! exch027 ! domain ! local
[Download RAW message or body]
My apologies, I was looking at the main busybox page and I see now that that patch is \
incorporated in 1.25.1 from October 2016. We'll update to that one, thanks ... N
Nou Dadoun
Senior Firmware Developer, Security Specialist
Office: 604.629.5182 ext 2632
Support: 888.281.5182 | avigilon.com
Follow Twitter | Follow LinkedIn
This email, including any files attached hereto (the "email"), contains privileged \
and confidential information and is only for the intended addressee(s). If this email \
has been sent to you in error, such sending does not constitute waiver of privilege \
and we request that you kindly delete the email and notify the sender. Any \
unauthorized use or disclosure of this email is prohibited. Avigilon and certain \
other trade names used herein are the registered and/or unregistered trademarks of \
Avigilon Corporation and/or its affiliates in Canada and other jurisdictions \
worldwide.
-----Original Message-----
From: Daniel Thompson [mailto:daniel.thompson@linaro.org]
Sent: Tuesday, December 20, 2016 4:16 AM
To: Nounou Dadoun <nounou.dadoun@avigilon.com>; busybox@busybox.net
Subject: Re: ntpd vulnerability
On 19/12/16 18:24, Nounou Dadoun wrote:
> Just saw this vulnerability come across the CERT mailing list this morning:
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6301
>
> The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows \
> remote attackers to cause a denial of service (CPU and bandwidth consumption) via a \
> forged NTP packet, which triggers a communication loop.
> Any plans for a patch? ... N
I am a bit puzzled by this question. There are links on the CERT page you highlight \
that directly linking to a patch that has been applied to the codebase since August.
What plans for a patch do expect?
Daniel.
> -----Original Message-----
> From: busybox [mailto:busybox-bounces@busybox.net] On Behalf Of Nounou
> Dadoun
> Sent: Tuesday, November 22, 2016 2:05 PM
> To: busybox@busybox.net
> Subject: ntpd vulnerability
>
> Hi folks, we use BusyBox v1.22.1 currently and I'm just trying to
> determine whether or not busybox has the recently announced ntpd DoS
> vulnerability (http://www.kb.cert.org/vuls/id/633847 ) - it looks like
> ntpd.c is "based on" openNTPD so it's not entirely clear. Anybody
> know? Thanks .. N
>
>
> Nou Dadoun
> Senior Firmware Developer, Security Specialist
>
>
> Office: 604.629.5182 ext 2632
> Support: 888.281.5182 | avigilon.com Follow Twitter | Follow
> LinkedIn
>
>
> This email, including any files attached hereto (the "email"), contains privileged \
> and confidential information and is only for the intended addressee(s). If this \
> email has been sent to you in error, such sending does not constitute waiver of \
> privilege and we request that you kindly delete the email and notify the sender. \
> Any unauthorized use or disclosure of this email is prohibited. Avigilon and \
> certain other trade names used herein are the registered and/or unregistered \
> trademarks of Avigilon Corporation and/or its affiliates in Canada and other \
> jurisdictions worldwide.
>
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
>
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic