Date: 05 February 2010
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.0115
New chrony packages fix denial of service
5 February 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: chrony
Publisher: Debian
Operating System: Debian GNU/Linux 5
Debian GNU/Linux 4
Linux variants
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2010-0294 CVE-2010-0293 CVE-2010-0292
Original Bulletin:
http://www.debian.org/security/2010/dsa-1992
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running chrony check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA-1992-1 security@debian.org
http://www.debian.org/security/ Nico Golde
February 4th, 2010 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : chrony
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian bug : none
CVE ID : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294
Several vulnerabilities have been discovered in chrony, a pair of programs
which are used to maintain the accuracy of the system clock on a computer.
This issues are similar to the NTP security flaw CVE-2009-3563. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0292
chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for
unauthorized hosts. An attacker can abuse this behaviour to force two
chronyd instances to play packet ping-pong by sending such a packet with
spoofed source address and port. This results in high CPU and network
usage and thus denial of service conditions.
CVE-2010-0293
The client logging facility of chronyd doesn't limit memory that is used
to store client information. An attacker can cause chronyd to allocate
large amounts of memory by sending NTP or cmdmon packets with spoofed
source addresses resulting in memory exhaustion.
CVE-2010-0294
chronyd lacks of a rate limit control to the syslog facility when logging
received packets from unauthorized hosts. This allows an attacker to
cause denial of service conditions via filling up the logs and thus disk
space by repeatedly sending invalid cmdmon packets.
For the oldstable distribution (etch), this problem has been fixed in
version 1.21z-5+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 1.23-6+lenny1.
For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.
We recommend that you upgrade your chrony packages.
Upgrade instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- - -------------------------------
Debian (oldstable)
- - ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z.orig.tar.gz
Size/MD5 checksum: 310709 84f76a73dff5a3c9e9f11f3c29a4e93b
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.dsc
Size/MD5 checksum: 629 41c78c176d00f2034298f0f91d9dcc7e
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.diff.gz
Size/MD5 checksum: 157657 aef816a20684f142795441c9d0c2c39a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_alpha.deb
Size/MD5 checksum: 354606 9c8d999fe33d00f7a2c7582b265ab1e8
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_amd64.deb
Size/MD5 checksum: 337452 d87cea1f14f0834d91540f6125f53de9
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_arm.deb
Size/MD5 checksum: 335840 06b572cf16b4331c6af3eadd62054de6
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_hppa.deb
Size/MD5 checksum: 341488 919e32d2603bf6503be5f051b9a0111f
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_i386.deb
Size/MD5 checksum: 328578 f5ba5a2a8e08fe6978704cea5874b222
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_ia64.deb
Size/MD5 checksum: 383552 c904705550097e5f94305517fe83b422
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_mipsel.deb
Size/MD5 checksum: 355940 12845d0599bef378d006f790776a4c79
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_powerpc.deb
Size/MD5 checksum: 338000 ee2d8986bb062f6dc88ed4cd1e57966a
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_s390.deb
Size/MD5 checksum: 335212 fb9f62d0eea41f68b5a67d0c961a8045
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_sparc.deb
Size/MD5 checksum: 327336 872180a40677910e8010ec313eab73a8
Debian GNU/Linux 5.0 alias lenny
- - --------------------------------
Debian (stable)
- - ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.dsc
Size/MD5 checksum: 1014 20987586fe342a0b48ebe8432f7ab9ef
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23.orig.tar.gz
Size/MD5 checksum: 321015 ffce77695e55d8efda19ab0b78309c23
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.diff.gz
Size/MD5 checksum: 162829 a6d0c6c4d06b22630b00361f0c0e0e37
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_alpha.deb
Size/MD5 checksum: 350622 cc8748f4e26828a481397c76d4b7178b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_amd64.deb
Size/MD5 checksum: 334714 8cdc4b9808d7eb84a901359959bd43d9
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_arm.deb
Size/MD5 checksum: 332124 347fff466b0a11a3824f983421e4c6ad
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_armel.deb
Size/MD5 checksum: 336222 2e8bd1a63adb1df9577f796d010e1112
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_hppa.deb
Size/MD5 checksum: 338322 2639b0c0f98608e244bde3714bd801ae
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_i386.deb
Size/MD5 checksum: 321778 ea5ef26c6b52ea7a1a506fae23b2a5ec
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_ia64.deb
Size/MD5 checksum: 379862 9c3dd5b2b24ce43b2dc06d652e1802ad
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mips.deb
Size/MD5 checksum: 340162 c50add8cb3986c4e7b6478545aecd1c9
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mipsel.deb
Size/MD5 checksum: 348290 c17da54e6c6a2b66dd0fab961fdc00a1
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_powerpc.deb
Size/MD5 checksum: 336384 8c06d057cb248e80c5de06d399dc8581
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_s390.deb
Size/MD5 checksum: 333040 9e3cb73f7c58ff093d8e0407430af6ce
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_sparc.deb
Size/MD5 checksum: 325458 0f9b64665e974fc06a6e976100516d7f
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAktrBiUACgkQHYflSXNkfP8E8wCbBFIaDBI5zijz3mH/gGCnNrxj
xHoAn3XE1HhP/CcGGFySf/w6A10lIHg/
=+HgG
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://www.auscert.org.au/1967
iD8DBQFLa2a3/iFOrG6YcBERAq9sAJ9+Cz+RSuXxTTst6zGnDbVoJxZkYgCePs+1
djbVMsR4VLlalk+ukBOLRW0=
=iEcE
-----END PGP SIGNATURE-----
|