Ubuntu 7.10: USN-705-1 Critical: NTP Signature Verification Issue

It was discovered that NTP did not properly perform signature verification.A remote attacker could exploit this to bypass certificate validation viaa malformed SSL/TLS signature.

==========================================================Ubuntu Security Notice USN-705-1           January 08, 2009
ntp vulnerability
CVE-2009-0021
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ntp-refclock                    1:4.2.0a+stable-8.1ubuntu6.1
  ntp-simple                      1:4.2.0a+stable-8.1ubuntu6.1

Ubuntu 7.10:
  ntp                             1:4.2.4p0+dfsg-1ubuntu2.1

Ubuntu 8.04 LTS:
  ntp                             1:4.2.4p4+dfsg-3ubuntu2.1

Ubuntu 8.10:
  ntp                             1:4.2.4p4+dfsg-6ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that NTP did not properly perform signature verification.
A remote attacker could exploit this to bypass certificate validation via
a malformed SSL/TLS signature.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   268991 14166f5e0933968dd3a23db799bc3e45
          Size/MD5:      872 01f2feda3ccc49b651948cccbd3a8dc9
          Size/MD5:  2272395 30f8b3d5b970c14dce5c6d8c922afa3e

  Architecture independent packages:

          Size/MD5:   890912 9e95577b5de6166f4c140f8c8d94a878

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:    34728 ae79310d84cf954c745741dc3577a111
          Size/MD5:   136030 598ebb288aa3e3bf2cbdde435e939925
          Size/MD5:   270246 8d66671574a8bdec39f40ee97844e7a2
          Size/MD5:    47596 4478446cb6a262180a2a5f055434709f
          Size/MD5:   223814 1e2d67925cc2fb3509262ff42fbad9f1

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    33610 b55a8c87bbff16a99cac7c03689846b7
          Size/MD5:   121362 76052fc1e3e25fccc256f52b5a81fe1a
          Size/MD5:   256456 edb3ce6ee23a5b17dbe60065c6141137
          Size/MD5:    44314 054706327c06bd7085dd95533a2f8653
          Size/MD5:   198136 c0c4aa0d7862afbfd5c6300b00cbadb1

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:    36868 5f56589b8e6d931eb40e90d0667123da
          Size/MD5:   134860 9f0273dfe7b9ecb632f5598800d86148
          Size/MD5:   271210 1b3fe8f1df3e88bcbfa3e2ad05509021
          Size/MD5:    48924 d448c4182005d934a815370a16bf639a
          Size/MD5:   221924 fbc5b6e77bd48e3c6309630bf75bc12d

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:    34126 fa41cd244d976002da1719a05b4e5d34
          Size/MD5:   126440 83e78b6cebce198f494accde5f8109f9
          Size/MD5:   261340 f9ac80e3066fc27f8d90e0a9452fdc9f
          Size/MD5:    46458 1b0b4e24a4b84536f36e8199c99e899a
          Size/MD5:   207226 1c9f149b54c62c34bd8c0db78397f32e

Updated packages for Ubuntu 7.10:

  Source archives:

          Size/MD5:   204671 8b3ad7bc7fcf61c96d693520fac38d1b
          Size/MD5:     1022 b0025f920e1b82bd87d7dc4dcefe186f
          Size/MD5:  2818698 acec1d168b1eee361663503a147a36a2

  Architecture independent packages:

          Size/MD5:   926916 c831ee4cbd5cf1f339222f0d647d83fd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   478830 a66b398d72813d6e69593f554ece3d49
          Size/MD5:    63738 009e8e25208b3d4e6c85a217f21e51f6

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   434302 59db103784625a64a6d3b85c84e7a3d1
          Size/MD5:    59786 c1f5155f0ed8923e008d9c84a2d5aa1c

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   436942 644b72bc4a824a357c974ad859c460ab
          Size/MD5:    59746 b7de5524ef4ccb1f46c082991d8ef6f3

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   490806 ec7eb553edb9b13432e3b48b977f55c5
          Size/MD5:    65372 6101469e4814fc417b634f4605c5a53a

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   445516 4342158ea469470c3690bebe99b75e99
          Size/MD5:    60856 79e18a358cb433a6cbade44a0a35a525

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:   284579 9e08da1552a923822e1bbaf5fb3436dd
          Size/MD5:     1046 853f79c9adc8408d3aab196f1272eba6
          Size/MD5:  2835029 dc2b3ac9cc04b0f29df35467514c9884

  Architecture independent packages:

          Size/MD5:   927834 cac7fc2329948f73b6ab0adf754f1ad0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   477022 17bb3e93c93823dd1547ccbe805f3af8
          Size/MD5:    64902 3b2e7fb24fc4cfa4fce36abb9d0fa050

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   432244 b2decf1f133358a005d8246ab7f729ff
          Size/MD5:    60938 859ebf211dc1d8289ac1962c325e3b13

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   435050 440d6f4a4a7abf4d3b78819fd7330820
          Size/MD5:    60878 31532ef8de50c832504d4b40ed8351f6

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   490126 436b8543b2d708778e5f59d1b056ead0
          Size/MD5:    66486 af994b85876a6593cd9ca858dea952aa

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   441952 b064fbc298503d77b58c91a24deb5423
          Size/MD5:    61658 c3223d40d9e80c8853b2641e6fce9ca4

Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:   303328 719ed85f0b4e20da182139a67095e392
          Size/MD5:     1555 23207d443f9e2e9b45e7d4ee1e119fb5
          Size/MD5:  2835029 dc2b3ac9cc04b0f29df35467514c9884

  Architecture independent packages:

          Size/MD5:   928470 b1c804df6fb0b4ae228ec7abe1e793a1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   486910 5870f9ac417b1b1ce228505e92feab05
          Size/MD5:    65818 2244cf99ce575c89462dbf5957867324

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   441962 faeae95f06d7dffaf50c7518cbefafd9
          Size/MD5:    62028 970e81fb55f431229c1e16abb0cdffdc

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   441376 d9b344dab0f38a2446623ed162c6ddb4
          Size/MD5:    61790 41b3ada3415ba5df30adb8a68d7b82f5

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   490946 b03e8fd6576efee8d8b94c73434fb5cb
          Size/MD5:    66840 2a71d6fcfbc7af61626fb4ad135dfb1d

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   449000 3733f4a7bfada8ee07d02eb6cfa1c26c
          Size/MD5:    62538 c0a429dc421b7c900795270f3842e41e

Ubuntu 7.10 USN-705-1 Security Advisory: Critical NTP Bypass Attack

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Ubuntu 7.10 USN-705-1 Security Advisory: Critical NTP Bypass Attack

Summary

Topics Covered

Update Instructions

References

Topics Covered

Package Information

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Ubuntu 7.10 USN-705-1 Security Advisory: Critical NTP Bypass Attack

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Ubuntu 7.10 USN-705-1 Security Advisory: Critical NTP Bypass Attack

Summary

Topics Covered

Update Instructions

References

Topics Covered

Package Information

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!