Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Buffer overflow 'ntpd' Autokey Stack Overflow Vulnerability
Summary:The host is running's reference implementation; of NTP server, ntpd and is prone to a stack overflow vulnerability.
The host is running's reference implementation
of NTP server, ntpd and is prone to a stack overflow vulnerability.

Vulnerability Insight:
This flaw is due to configuration error in ntp daemon's NTPv4
authentication code. If ntp daemon is configured to use Public Key Cryptography for NTP Packet
authentication which lets the attacker send crafted NTP requests.

Vulnerability Impact:
Successful exploitation will let the attacker craft a specially malicious
NTP request packet which can crash ntp daemon or can cause arbitrary code
execution in the affected machine with local user's privilege.

Affected Software/OS:'s ntpd version prior to 4.2.4p7 and
4.2.5 to 4.2.5p73.

Apply the security update according to the OS version.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 35017
Common Vulnerability Exposure (CVE) ID: CVE-2009-1252
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
CERT/CC vulnerability note: VU#853097
Debian Security Information: DSA-1801 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-09:11
NETBSD Security Advisory: NetBSD-SA2009-006
RedHat Security Advisories: RHSA-2009:1039
RedHat Security Advisories: RHSA-2009:1040
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.