NEWS revision 1.1

NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08)

Focus: Security Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.

See http://support.ntp.org/security for more information.

NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility.
In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time
transfers use modes 1 through 5. Upon receipt of an incorrect mode 7
request or a mode 7 error response from an address which is not listed
in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will
reply with a mode 7 error response (and log a message). In this case:

* If an attacker spoofs the source address of ntpd host A in a
  mode 7 response packet sent to ntpd host B, both A and B will
  continuously send each other error responses, for as long as
  those packets get through.

* If an attacker spoofs an address of ntpd host A in a mode 7
  response packet sent to ntpd host A, A will respond to itself
  endlessly, consuming CPU and logging excessively.

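Added example (not code from ntpd or from the original NEWS file): a minimal C model of the error-response loop described above and of a guard that breaks it. The first-octet bit layout is that of the mode 7 header; request_ok, drop_responses and simulate_loop are hypothetical names, and the guard is an illustration, not the project's patch.

```c
#include <stddef.h>
#include <stdint.h>

#define MODE_MASK    0x07  /* mode: low three bits of the first octet */
#define MODE_PRIVATE 7     /* mode 7, the ntpdc query/control mode */
#define RESP_BIT     0x80  /* set in mode 7 responses, clear in requests */

enum action { NOT_MODE7, SERVE, SEND_ERROR, DROP };

/* Decide what to do with one received datagram.
 * request_ok:     stands in for the daemon's request validation (assumed).
 * drop_responses: 0 = behaviour described in the advisory,
 *                 1 = guard that never answers a response (assumed guard). */
enum action mode7_action(const uint8_t *pkt, size_t len,
                         int request_ok, int drop_responses)
{
    if (len < 1 || (pkt[0] & MODE_MASK) != MODE_PRIVATE)
        return NOT_MODE7;
    if (pkt[0] & RESP_BIT)
        return drop_responses ? DROP : SEND_ERROR;
    return request_ok ? SERVE : SEND_ERROR;
}

/* Model the exchange after one spoofed mode 7 response is delivered.
 * Every error response is itself a mode 7 response, so the receiving
 * host (B, or A itself) classifies it the same way. Returns the number
 * of error responses generated, capped at max_packets. */
unsigned simulate_loop(int drop_responses, unsigned max_packets)
{
    /* Constructed sample first octet: response bit, version 2, mode 7. */
    const uint8_t pkt[1] = { RESP_BIT | (2 << 3) | MODE_PRIVATE };
    unsigned sent = 0;

    while (sent < max_packets &&
           mode7_action(pkt, sizeof pkt, 0, drop_responses) == SEND_ERROR)
        sent++;
    return sent;
}
```

Without the guard the count is bounded only by the cap, which corresponds to "for as long as those packets get through"; with it, the spoofed response produces no reply at all.
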
Credit for finding this vulnerability goes to Robin Park and Dmitri
Vinokurov of Alcatel-Lucent.

THIS IS A STRONGLY RECOMMENDED UPGRADE.

---
ntpd now syncs to refclocks right away.

Backward-Incompatible changes:

ntpd no longer accepts '-v name' or '-V name' to define internal variables.
Use '--var name' or '--dvar name' instead. (Bug 817)

---
NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)

Focus: Security and Bug Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252

See http://support.ntp.org/security for more information.

If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
line) then a carefully crafted packet sent to the machine will cause
a buffer overflow and possible execution of injected code, running
with the privileges of the ntpd process (often root).

Credit for finding this vulnerability goes to Chris Ries of CMU.

This release fixes the following low-severity vulnerabilities:

* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
  Credit for finding this vulnerability goes to Geoff Keating of Apple.

* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
  Credit for finding this issue goes to Dave Hart.

This release fixes a number of bugs and adds some improvements:

* Improved logging
* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris

THIS IS A STRONGLY RECOMMENDED UPGRADE.

---
NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)

Focus: Security Fix

Severity: Low

This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
the OpenSSL library relating to the incorrect checking of the return
value of the EVP_VerifyFinal function.

Credit for finding this issue goes to the Google Security Team for
finding the original issue with OpenSSL, and to ocert.org for finding
the problem in NTP and telling us about it.

This is a recommended upgrade.

---
NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17)

Focus: Minor Bugfixes

This release fixes a number of Windows-specific ntpd bugs and
platform-independent ntpdate bugs. A logging bugfix has been applied
to the ONCORE driver.

The "dynamic" keyword is now obsolete and deferred binding to local
interfaces is the new default. The minimum time restriction for the
interface update interval has been dropped.

A number of minor build system and documentation fixes are included.

This is a recommended upgrade for Windows.

---
NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10)

Focus: Minor Bugfixes

This release updates certain copyright information, fixes several display
bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor
shutdown in the parse refclock driver, removes some lint from the code,
stops accessing certain buffers immediately after they were freed, fixes
a problem with non-command-line specification of -6, and allows the loopback
interface to share addresses with other interfaces.

---
NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29)

Focus: Minor Bugfixes

This release fixes a bug that made it difficult to terminate ntpd
under Windows.
This is a recommended upgrade for Windows.

---
NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19)

Focus: Minor Bugfixes

This release fixes a multicast mode authentication problem,
an error in NTP packet handling on Windows that could lead to
ntpd crashing, and several other minor bugs. Handling of
multicast interfaces and logging configuration were improved.
The required versions of autogen and libopts were incremented.
This is a recommended upgrade for Windows and multicast users.

---
NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31)

Focus: enhancements and bug fixes.

Dynamic interface rescanning was added to simplify the use of ntpd in
conjunction with DHCP. GNU AutoGen is used for its command-line options
processing. Separate PPS devices are supported for PARSE refclocks. MD5
signatures are now provided for the release files. Drivers have been
added for some new ref-clocks and have been removed for some older
ref-clocks. This release also includes other improvements, documentation
and bug fixes.

K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI
C support.

---
NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15)

Focus: enhancements and bug fixes.