NTPD stack buffer overflow vulnerability (CVE-2014-9295)

Posted by mrhonest

Vulnerability description

The Network Time Protocol (NTP) is a protocol for synchronizing computer clocks; it lets a computer synchronize its time against a server or a reference clock source (such as a quartz clock or GPS).

ntpd versions before 4.2.8 contain multiple stack buffer overflow vulnerabilities. A remote attacker can send crafted packets that trigger buffer overflows in the ntpd functions crypto_recv() (used when authenticating with autokey), ctl_putdata(), and configure(), and thereby execute arbitrary code with the privileges of the ntpd process.
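Because the advisory's affected range is simply "ntpd before 4.2.8", the first thing an administrator wants is a reliable way to read the running version and compare it correctly (the `pN` patch level sorts after the bare release, and dev-series versions such as 4.2.7pNNN sort below 4.2.8). The following Python is an added example, not code from the original post or from the NTP project; it assumes the version string format `ntpd MAJOR.MINOR.PATCH[pLEVEL]@...` that `ntpd --version` and `ntpq -c rv` print, and it treats any version below 4.2.8 as affected, exactly as the advisory states.

```python
import re
import subprocess
from typing import Optional, Tuple

# CVE-2014-9295 was fixed in ntp-4.2.8; per the advisory every older release is affected.
FIXED_VERSION = (4, 2, 8, 0)

# Matches "ntpd 4.2.6p5@1.2349-o ..." as well as the version="ntpd 4.2.8p4@..." field
# that `ntpq -c rv` returns; the pN patch level is optional.
VERSION_RE = re.compile(r"\bntpd\s+(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntpd_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, plevel) from ntpd/ntpq output; None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    # A bare release (no pN) is patch level 0, so 4.2.8 < 4.2.8p1 compares correctly.
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected(text: str) -> Optional[bool]:
    """True if the version in `text` is older than the fixed 4.2.8; None if unparsable."""
    version = parse_ntpd_version(text)
    if version is None:
        return None
    return version < FIXED_VERSION


def check_local_ntpd() -> Optional[bool]:
    """Run `ntpd --version` on this host and classify it (None if ntpd is not installed)."""
    try:
        proc = subprocess.run(
            ["ntpd", "--version"], capture_output=True, text=True, timeout=5
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    # Some builds print the banner on stderr, so look at both streams.
    return is_affected(proc.stdout + proc.stderr)


if __name__ == "__main__":
    # Constructed sample banners, in the shape ntpd prints them (not real host output).
    samples = [
        "ntpd 4.2.6p5@1.2349-o Fri Jul 22 17:30:51 UTC 2016 (1)",
        'version="ntpd 4.2.8p4@1.3265-o Tue Dec 15 11:58:27 UTC 2015 (1)"',
        "ntpd 4.2.8@1.3265-o Thu Dec 18 00:00:00 UTC 2014 (1)",
    ]
    for banner in samples:
        print(f"{banner!r}: affected={is_affected(banner)}")
    print("local ntpd affected:", check_local_ntpd())
```

Run it on a host to classify the installed daemon, or feed it the `version=` line from `ntpq -c rv` collected from remote servers; a result of `None` means the banner could not be parsed and should be checked by hand rather than assumed safe.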

Solution

NTP
---
The vendor has released an updated version that fixes this security issue; download it from the vendor's site:

http://support.ntp.org/bin/view/Main/SecurityNotice
http://www.ntp.org/downloads.html
http://www.ntp.org/ntpfaq/NTP-s-algo-crypt.htm
https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01

For the version shipped by a specific Linux distribution or operating system, consult the following links to confirm whether it is affected by this vulnerability:
HP-UX:
http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04554677
SUSE:
https://www.suse.com/security/cve/CVE-2014-9295.html
Fedora:
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146861.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146911.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147230.html
Redhat:
https://rhn.redhat.com/errata/RHSA-2015-0104.html
https://rhn.redhat.com/errata/RHSA-2014-2025.html
https://rhn.redhat.com/errata/RHSA-2014-2024.html
Gentoo:
https://security.gentoo.org/glsa/201412-34
Slackware:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.520762
FreeBSD:
https://vuxml.freebsd.org/freebsd/4033d826-87dd-11e4-9079-3c970e169bc2.html
Ubuntu:
http://www.ubuntu.com/usn/usn-2449-1
Solaris:
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
Debian:
https://security-tracker.debian.org/tracker/DLA-116-1
https://security-tracker.debian.org/tracker/DSA-3108-1
AIX:
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory2.asc
