8.6 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%
A stack-based buffer overflow was discovered in ntpq. If a user were
tricked into connecting to a malicious ntp server, a remote attacker could
cause a denial of service in ntpq, or possibly execute arbitrary code with
the privileges of the user invoking the program. (CVE-2009-0159)
Chris Ries discovered a stack-based overflow in ntp. If ntp was configured
to use autokey, a remote attacker could send a crafted packet to cause a
denial of service, or possibly execute arbitrary code. (CVE-2009-1252)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | ntp | < 1:4.2.4p4+dfsg-7ubuntu5.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | ntp | < ate-1:4.2.4p4+dfsg-7ubuntu5.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | ntp | < 1:4.2.4p4+dfsg-6ubuntu2.3 | UNKNOWN |
Ubuntu | 8.10 | noarch | ntp | < ate-1:4.2.4p4+dfsg-6ubuntu2.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | ntp | < 1:4.2.4p4+dfsg-3ubuntu2.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | ntpdate | < 1:4.2.4p4+dfsg-3ubuntu2.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | ntp-server | < 1:4.2.0a+stable-8.1ubuntu6.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | ntp | < 1:4.2.0a+stable-8.1ubuntu6.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | ntp | < refclock-1:4.2.0a+stable-8.1ubuntu6.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | ntp | < server-1:4.2.0a+stable-8.1ubuntu6.2 | UNKNOWN |