1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2009/10/07 01:33:22+00:00 davehart@shiny.ad.hartbrothers.com
# [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
#
# ChangeLog
# 2009/10/07 01:33:21+00:00 davehart@shiny.ad.hartbrothers.com +4 -0
# [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
#
# ntpd/ntp_request.c
# 2009/10/07 01:33:21+00:00 davehart@shiny.ad.hartbrothers.com +9 -2
# [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
#
Index: ntp-4.2.4p7/ChangeLog
===================================================================
--- ntp-4.2.4p7.orig/ChangeLog
+++ ntp-4.2.4p7/ChangeLog
@@ -1,4 +1,8 @@
---
+
+* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
+
+---
(4.2.4p7) 2009/05/18 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 1151] Remote exploit if autokey is enabled - CVE-2009-1252.
Index: ntp-4.2.4p7/ntpd/ntp_request.c
===================================================================
--- ntp-4.2.4p7.orig/ntpd/ntp_request.c
+++ ntp-4.2.4p7/ntpd/ntp_request.c
@@ -409,6 +409,7 @@ process_private(
int mod_okay
)
{
+ static u_long quiet_until;
struct req_pkt *inpkt;
struct req_pkt_tail *tailinpkt;
struct sockaddr_storage *srcadr;
@@ -444,8 +445,14 @@ process_private(
|| (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
|| (++ec, rbufp->recv_length < REQ_LEN_HDR)
) {
- msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
- req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
+ NLOG(NLOG_SYSEVENT)
+ if (current_time >= quiet_until) {
+ msyslog(LOG_ERR,
+ "process_private: drop test %d"
+ " failed, pkt from %s",
+ ec, stoa(srcadr));
+ quiet_until = current_time + 60;
+ }
return;
}
|
GitWeb
