NTPd vulnerability [CVE-2014-9295 / CERT VU#852879]

luckman212

Some news hit the wire recently about a dangerous NTP vuln:

http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata (site currently offline, possibly due to DoS)
https://news.ycombinator.com/item?id=8773341

Just wondering if pfSense is vulnerable to this? Do we need to patch or block something in response here? I read that BSD uses OpenNTPD which at first I had heard was impervious to this, but on https://doc.pfsense.org/index.php/NTP_Server it states "The ntp.org NTPD distribution of ntpd is used" so now I am not sure. Any comments?

jimp

We're still investigating it internally.

Some more related links:

Google Cache of the NTP.org notice:
https://webcache.googleusercontent.com/search?q=cache:jMcfipOGXXwJ:support.ntp.org/bin/view/Main/SecurityNotice+&cd=4&hl=en&ct=clnk&gl=us

CERT Page:
http://www.kb.cert.org/vuls/id/852879

Redhat entry with some Analysis (that sounds not-too-bad, actually):
https://bugzilla.redhat.com/show_bug.cgi?id=1176037#c11

NMAP script to check versions, but not an exploit test:
https://gist.github.com/TomSellers/8d887db6ba11e2466db5

cmb

what we know at this point.
https://blog.pfsense.org/?p=1514