[3.2] busybox: NTP server denial of service flaw (CVE-2016-6301)
The busybox NTP implementation doesn’t check the NTP mode of packets
received on the server port and responds to any packet with the right
size.
This includes responses from another NTP server. An attacker can send a
packet with a spoofed source address in order to create an infinite
loop of responses between two busybox NTP servers. Adding more packets
to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
Fixed upstream in:
busybox 1.26.0
Reference:
http://seclists.org/oss-sec/2016/q3/240
Patch:
https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
(from redmine: issue id 6619, created on 2017-01-03, closed on 2017-01-23)
- Relations:
- parent #6616 (closed)
- Changesets:
- Revision 1a342976 by Sergei Lukin on 2017-01-20T12:23:59Z:
main/busybox: security fixes #6619
CVE-2016-6301: NTP server denial of service flaw