
Test ID: 1.3.6.1.4.1.25623.1.0.900652
Category: Buffer overflow
Title: NTP.org 'ntpd' Autokey Stack Overflow Vulnerability
Summary: The host is running NTP.org's reference implementation of the NTP server, ntpd, and is prone to a stack overflow vulnerability.
Description:
Summary:
The host is running NTP.org's reference implementation of the NTP server, ntpd, and is prone to a stack overflow vulnerability.

Vulnerability Insight:
This flaw is due to a configuration error in the ntp daemon's NTPv4
authentication code. If the ntp daemon is configured to use public key
cryptography for NTP packet authentication, the flaw lets an attacker
send crafted NTP requests.

Vulnerability Impact:
Successful exploitation will let the attacker craft a malicious NTP
request packet that can crash the ntp daemon or cause arbitrary code
execution on the affected machine with the local user's privileges.

Affected Software/OS:
NTP.org's ntpd versions prior to 4.2.4p7, and
4.2.5 to 4.2.5p73.

Solution:
Apply the security update according to the OS version.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 35017
Common Vulnerability Exposure (CVE) ID: CVE-2009-1252
http://www.securityfocus.com/bid/35017
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
CERT/CC vulnerability note: VU#853097
http://www.kb.cert.org/vuls/id/853097
Debian Security Information: DSA-1801
http://www.debian.org/security/2009/dsa-1801
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
FreeBSD Security Advisory: FreeBSD-SA-09:11
http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
https://launchpad.net/bugs/cve/2009-1252
NETBSD Security Advisory: NetBSD-SA2009-006
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
RedHat Security Advisories: RHSA-2009:1039
http://rhn.redhat.com/errata/RHSA-2009-1039.html
RedHat Security Advisories: RHSA-2009:1040
http://rhn.redhat.com/errata/RHSA-2009-1040.html
http://www.securitytracker.com/id?1022243
http://secunia.com/advisories/35137
http://secunia.com/advisories/35138
http://secunia.com/advisories/35166
http://secunia.com/advisories/35169
http://secunia.com/advisories/35243
http://secunia.com/advisories/35253
http://secunia.com/advisories/35308
http://secunia.com/advisories/35336
http://secunia.com/advisories/35388
http://secunia.com/advisories/35416
http://secunia.com/advisories/35630
http://secunia.com/advisories/37470
http://secunia.com/advisories/37471
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
SuSE Security Announcement: SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
https://usn.ubuntu.com/777-1/
http://www.vupen.com/english/advisories/2009/1361
http://www.vupen.com/english/advisories/2009/3316
Copyright: Copyright (C) 2009 Greenbone Networks GmbH

© 1998-2022 E-Soft Inc. All rights reserved.