OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openntpd | Openntpd | * | 6.0 (including) |
| Openntpd | Ubuntu | artful | * |
| Openntpd | Ubuntu | precise | * |
| Openntpd | Ubuntu | wily | * |
| Openntpd | Ubuntu | yakkety | * |
| Openntpd | Ubuntu | zesty | * |
References
- http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27\u0026r2=1.28
- http://www.openntpd.org/txt/release-6.0p1.txt
- http://www.openwall.com/lists/oss-security/2016/05/23/2
- http://www.openwall.com/lists/oss-security/2016/05/29/6
- http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27\u0026r2=1.28
- http://www.openntpd.org/txt/release-6.0p1.txt
- http://www.openwall.com/lists/oss-security/2016/05/23/2
- http://www.openwall.com/lists/oss-security/2016/05/29/6