
Test ID: 1.3.6.1.4.1.25623.1.0.900652
Category: Buffer overflow
Title: NTP.org 'ntpd' Autokey Stack Overflow Vulnerability
Summary: ntpd, NTP.org's reference implementation of the NTP server, is prone to a stack overflow vulnerability.
Description:
Summary:
ntpd, NTP.org's reference implementation of the NTP server, is prone to a stack overflow vulnerability.

Vulnerability Insight:
This flaw is due to a configuration error in the ntp daemon's NTPv4
authentication code. It applies if the ntp daemon is configured to use public key cryptography for NTP packet
authentication, which lets the attacker send crafted NTP requests.

Vulnerability Impact:
Successful exploitation will let the attacker use a specially crafted malicious
NTP request packet to crash the ntp daemon or cause arbitrary code
execution on the affected machine with the local user's privileges.

Affected Software/OS:
NTPd versions prior to 4.2.4p7, and 4.2.5 through 4.2.5p73.

Solution:
Apply the security update according to the OS version.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-1252
BugTraq ID: 35017
http://www.securityfocus.com/bid/35017
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
CERT/CC vulnerability note: VU#853097
http://www.kb.cert.org/vuls/id/853097
Debian Security Information: DSA-1801
http://www.debian.org/security/2009/dsa-1801
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
FreeBSD Security Advisory: FreeBSD-SA-09:11
http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
https://launchpad.net/bugs/cve/2009-1252
NETBSD Security Advisory: NetBSD-SA2009-006
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
RedHat Security Advisories: RHSA-2009:1039
http://rhn.redhat.com/errata/RHSA-2009-1039.html
RedHat Security Advisories: RHSA-2009:1040
http://rhn.redhat.com/errata/RHSA-2009-1040.html
http://www.securitytracker.com/id?1022243
http://secunia.com/advisories/35137
http://secunia.com/advisories/35138
http://secunia.com/advisories/35166
http://secunia.com/advisories/35169
http://secunia.com/advisories/35243
http://secunia.com/advisories/35253
http://secunia.com/advisories/35308
http://secunia.com/advisories/35336
http://secunia.com/advisories/35388
http://secunia.com/advisories/35416
http://secunia.com/advisories/35630
http://secunia.com/advisories/37470
http://secunia.com/advisories/37471
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
SuSE Security Announcement: SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
https://usn.ubuntu.com/777-1/
http://www.vupen.com/english/advisories/2009/1361
http://www.vupen.com/english/advisories/2009/3316
Copyright: Copyright (C) 2009 Greenbone AG
