Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23635

HistoryApr 10, 2020 - 12:32 a.m.

Arbitrary Code Execution

2020-04-1000:32:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

ntpd is vulnerable to arbitrary code execution. A buffer overflow flaw was discovered in the ntpd daemon’s NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the “ntp” user.

CPENameOperatorVersion
ntpeq4.2.0.a.20040617__6.el4
ntpeq4.2.2p1__5.el5
ntpeq4.2.2p1__8.el5
ntpeq4.2.2p1__7.el5
ntpeq4.2.0.a.20040617__6.el4
ntpeq4.2.2p1__5.el5
ntpeq4.2.2p1__8.el5
ntpeq4.2.2p1__7.el5

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

rhn.redhat.com/errata/RHSA-2009-1039.html

rhn.redhat.com/errata/RHSA-2009-1040.html

secunia.com/advisories/35137

secunia.com/advisories/35138

secunia.com/advisories/35166

secunia.com/advisories/35169

secunia.com/advisories/35243

secunia.com/advisories/35253

secunia.com/advisories/35308

secunia.com/advisories/35336

secunia.com/advisories/35388

secunia.com/advisories/35416

secunia.com/advisories/35630

secunia.com/advisories/37470

secunia.com/advisories/37471

security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

wiki.rpath.com/wiki/Advisories:rPSA-2009-0092

www.debian.org/security/2009/dsa-1801

www.gentoo.org/security/en/glsa/glsa-200905-08.xml

www.kb.cert.org/vuls/id/853097

www.mandriva.com/security/advisories?name=MDVSA-2009:117

www.redhat.com/security/updates/classification/#critical

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/35017

www.securitytracker.com/id?1022243

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1361

www.vupen.com/english/advisories/2009/3316

access.redhat.com/errata/RHSA-2009:1040

bugzilla.redhat.com/show_bug.cgi?id=499694

launchpad.net/bugs/cve/2009-1252

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307

support.ntp.org/bugs/show_bug.cgi?id=1151

usn.ubuntu.com/777-1/

www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P