Lucene search

Veracode Vulnerability DatabaseVERACODE:23634

HistoryApr 10, 2020 - 12:32 a.m.

Stack-based Buffer Overflow

2020-04-1000:32:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

The Network Time Protocol (NTP) is vulnerable to Stack-based Buffer Overflow. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.

CPENameOperatorVersion
ntpeq4.2.0.a.20040617__6.el4
ntpeq4.1.2__5.el3
ntpeq4.2.2p1__7.el5
ntpeq4.2.2p1__8.el5
ntpeq4.2.2p1__5.el5
ntpeq4.2.0.a.20040617__6.el4
ntpeq4.1.2__5.el3
ntpeq4.2.2p1__7.el5
ntpeq4.2.2p1__8.el5
ntpeq4.2.2p1__5.el5

Name	Operator	Version
ntp	eq	4.2.0.a.20040617__6.el4
ntp	eq	4.1.2__5.el3
ntp	eq	4.2.2p1__7.el5
ntp	eq	4.2.2p1__8.el5
ntp	eq	4.2.2p1__5.el5
ntp	eq	4.2.0.a.20040617__6.el4
ntp	eq	4.1.2__5.el3
ntp	eq	4.2.2p1__7.el5
ntp	eq	4.2.2p1__8.el5
ntp	eq	4.2.2p1__5.el5

References

bugs.pardus.org.tr/show_bug.cgi?id=9532

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

marc.info/?l=bugtraq&m=136482797910018&w=2

ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565

osvdb.org/53593

rhn.redhat.com/errata/RHSA-2009-1039.html

rhn.redhat.com/errata/RHSA-2009-1040.html

secunia.com/advisories/34608

secunia.com/advisories/35074

secunia.com/advisories/35137

secunia.com/advisories/35138

secunia.com/advisories/35166

secunia.com/advisories/35169

secunia.com/advisories/35253

secunia.com/advisories/35308

secunia.com/advisories/35336

secunia.com/advisories/35416

secunia.com/advisories/35630

secunia.com/advisories/37471

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

support.apple.com/kb/HT3549

www.debian.org/security/2009/dsa-1801

www.gentoo.org/security/en/glsa/glsa-200905-08.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:092

www.redhat.com/security/updates/classification/#critical

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/34481

www.securitytracker.com/id?1022033

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/0999

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/3316

access.redhat.com/errata/RHSA-2009:1040

bugzilla.redhat.com/show_bug.cgi?id=490617

exchange.xforce.ibmcloud.com/vulnerabilities/49838

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634

rhn.redhat.com/errata/RHSA-2009-1651.html

support.ntp.org/bugs/show_bug.cgi?id=1144

usn.ubuntu.com/777-1/

www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:23634