Lucene search
Ubuntu.comUB:CVE-2009-1252HistoryMay 19, 2009 - 12:00 a.m.
CVE-2009-1252
2009-05-1900:00:00
ubuntu.com
ubuntu.com
11
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in
ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and
autokey are enabled, allows remote attackers to execute arbitrary code via
a crafted packet containing an extension field.
Notes
| Author | Note |
|---|---|
| jdstrand | from CERT: If autokey is enabled (the ntp.conf file contains the line βcrypto pw whateverβ a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow for malicious code to be executed with the privilege level of the ntpd process. |
Related
seebug
seebug
NTP 'ntpd' Autokeyζ ηΌε²εΊζΊ’εΊζΌζ΄
2009-05-21 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : ntp (MDVSA-2009:117)
2009-05-20 00:00:00
Network Time Protocol Daemon (ntpd) 4.x < 4.2.4p7 / 4.x < 4.2.5p74 crypto_recv() Function RCE
2009-05-20 00:00:00
Fedora 11 : ntp-4.2.4p7-2.fc11 (2009-5674)
2009-06-16 00:00:00
cert
cert
ntpd autokey stack buffer overflow
2009-05-18 00:00:00
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-09:11.ntpd.asc)
2009-06-15 00:00:00
Mandrake Security Advisory MDVSA-2009:117 (ntp)
2009-06-05 00:00:00
Fedora Core 11 FEDORA-2009-5674 (ntp)
2009-06-23 00:00:00
prion
prion
Stack overflow
2009-05-19 19:30:00
f5
f5
SOL15928 - Network Time Protocol vulnerability CVE-2009-1252
2014-12-23 00:00:00
K15928 : Network Time Protocol vulnerability CVE-2009-1252
2014-12-23 00:00:00
debiancve
debiancve
CVE-2009-1252
2009-05-19 19:30:00
cve
cve
CVE-2009-1252
2009-05-19 19:30:00
securityvulns
securityvulns
ntpd buffer overflow
2009-05-26 00:00:00
[ GLSA 200905-08 ] NTP: Remote execution of arbitrary code
2009-05-26 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:11.ntpd
2009-06-10 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:32:10
checkpoint_advisories
checkpoint_advisories
NTP Daemon Autokey Stack Buffer Overflow (CVE-2009-1252)
2009-05-25 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: ntp-4.2.4p7-2.fc11
2009-06-16 01:33:48
[SECURITY] Fedora 11 Update: ntp-4.2.4p7-3.fc11
2009-12-11 18:23:49
[SECURITY] Fedora 10 Update: ntp-4.2.4p7-1.fc10
2009-05-30 02:28:09
debian
debian
[SECURITY] [DSA 1801-1] New ntp packages fix several vulnerabilities
2009-05-19 13:55:33
freebsd
freebsd
ntp -- stack-based buffer overflow
2009-05-06 00:00:00
redhat
redhat
(RHSA-2009:1039) Important: ntp security update
2009-05-18 00:00:00
(RHSA-2009:1040) Critical: ntp security update
2009-05-18 00:00:00
gentoo
gentoo
NTP: Remote execution of arbitrary code
2009-05-26 00:00:00
oraclelinux
oraclelinux
ntp security update
2009-05-18 00:00:00
ntp security update
2009-05-22 00:00:00
slackware
slackware
ntp
2009-06-03 20:44:43
centos
centos
ntp security update
2009-05-21 14:43:18
ntp security update
2009-05-19 15:07:14
ubuntu
ubuntu
Ntp vulnerabilities
2009-05-19 00:00:00
osv
osv
ntp - several vulnerabilities
2009-05-19 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%
Related for UB:CVE-2009-1252