Lucene search

PRIOn knowledge basePRION:CVE-2009-1252

HistoryMay 19, 2009 - 7:30 p.m.

Stack overflow

2009-05-1919:30:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.964 High

EPSS

Percentile

99.5%

JSON

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

CPENameOperatorVersion
ntpeq4.2.5-p65
ntpeq4.2.5-p1
ntpeq4.2.5-p64
ntpeq4.2.5-p32
ntpeq4.2.5-p15
ntpeq4.2.5-p0
ntpeq4.2.5-p71
ntpeq4.2.5-p40
ntpeq4.2.5-p59
ntpeq4.2.5-p30

Name	Operator	Version
ntp	eq	4.2.5-p65
ntp	eq	4.2.5-p1
ntp	eq	4.2.5-p64
ntp	eq	4.2.5-p32
ntp	eq	4.2.5-p15
ntp	eq	4.2.5-p0
ntp	eq	4.2.5-p71
ntp	eq	4.2.5-p40
ntp	eq	4.2.5-p59
ntp	eq	4.2.5-p30

Rows per page:

1-10 of 781

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

rhn.redhat.com/errata/RHSA-2009-1039.html

rhn.redhat.com/errata/RHSA-2009-1040.html

secunia.com/advisories/35137

secunia.com/advisories/35138

secunia.com/advisories/35166

secunia.com/advisories/35169

secunia.com/advisories/35243

secunia.com/advisories/35253

secunia.com/advisories/35308

secunia.com/advisories/35336

secunia.com/advisories/35388

secunia.com/advisories/35416

secunia.com/advisories/35630

secunia.com/advisories/37470

secunia.com/advisories/37471

security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

wiki.rpath.com/wiki/Advisories:rPSA-2009-0092

www.debian.org/security/2009/dsa-1801

www.gentoo.org/security/en/glsa/glsa-200905-08.xml

www.kb.cert.org/vuls/id/853097

www.mandriva.com/security/advisories?name=MDVSA-2009:117

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/35017

www.securitytracker.com/id?1022243

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1361

www.vupen.com/english/advisories/2009/3316

bugzilla.redhat.com/show_bug.cgi?id=499694

launchpad.net/bugs/cve/2009-1252

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307

support.ntp.org/bugs/show_bug.cgi?id=1151

usn.ubuntu.com/777-1/

www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.964 High

EPSS

Percentile

99.5%

JSON

Related for PRION:CVE-2009-1252