National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-1252)

National Cyber-Alert System

Vulnerability Summary for CVE-2009-1252

Original release date:05/19/2009

Last revised:07/15/2009

Source: US-CERT/NIST

Overview

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#853097

Name: VU#853097

Hyperlink:http://www.kb.cert.org/vuls/id/853097

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=499694

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=499694

External Source: REDHAT

Name: RHSA-2009:1040

Type: Patch Information

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-1040.html

External Source: REDHAT

Name: RHSA-2009:1039

Type: Patch Information

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-1039.html

External Source: FEDORA

Name: FEDORA-2009-5275

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

External Source: FEDORA

Name: FEDORA-2009-5273

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

External Source: FEDORA

Name: FEDORA-2009-5674

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html

External Source: CONFIRM

Name: https://support.ntp.org/bugs/show_bug.cgi?id=1151

Hyperlink:https://support.ntp.org/bugs/show_bug.cgi?id=1151

External Source: MISC

Name: https://launchpad.net/bugs/cve/2009-1252

Hyperlink:https://launchpad.net/bugs/cve/2009-1252

External Source: VUPEN

Name: ADV-2009-1361

Hyperlink:http://www.vupen.com/english/advisories/2009/1361

External Source: UBUNTU

Name: USN-777-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-777-1

External Source: SECTRACK

Name: 1022243

Hyperlink:http://www.securitytracker.com/id?1022243

External Source: BID

Name: 35017

Hyperlink:http://www.securityfocus.com/bid/35017

External Source: MANDRIVA

Name: MDVSA-2009:117

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:117

External Source: GENTOO

Name: GLSA-200905-08

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml

External Source: DEBIAN

Name: DSA-1801

Hyperlink:http://www.debian.org/security/2009/dsa-1801

External Source: CONFIRM

Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092

Hyperlink:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092

External Source: SLACKWARE

Name: SSA:2009-154-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

External Source: FREEBSD

Name: FreeBSD-SA-09:11

Hyperlink:http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc

External Source: SECUNIA

Name: 35630

Hyperlink:http://secunia.com/advisories/35630

External Source: SECUNIA

Name: 35416

Hyperlink:http://secunia.com/advisories/35416

External Source: SECUNIA

Name: 35388

Hyperlink:http://secunia.com/advisories/35388

External Source: SECUNIA

Name: 35336

Hyperlink:http://secunia.com/advisories/35336

External Source: SECUNIA

Name: 35308

Hyperlink:http://secunia.com/advisories/35308

External Source: SECUNIA

Name: 35253

Hyperlink:http://secunia.com/advisories/35253

External Source: SECUNIA

Name: 35243

Hyperlink:http://secunia.com/advisories/35243

External Source: SECUNIA

Name: 35169

Hyperlink:http://secunia.com/advisories/35169

External Source: SECUNIA

Name: 35166

Hyperlink:http://secunia.com/advisories/35166

External Source: SECUNIA

Name: 35138

Hyperlink:http://secunia.com/advisories/35138

External Source: SECUNIA

Name: 35137

Hyperlink:http://secunia.com/advisories/35137

External Source: SUSE

Name: SUSE-SR:2009:011

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

External Source: NETBSD

Name: NetBSD-SA2009-006

Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

Vulnerable software and versions

Configuration 1

* cpe:/a:ntp:ntp:4.2.4p0

* cpe:/a:ntp:ntp:4.2.4p1

* cpe:/a:ntp:ntp:4.2.4p2

* cpe:/a:ntp:ntp:4.2.4p3

* cpe:/a:ntp:ntp:4.2.4p4

* cpe:/a:ntp:ntp:4.2.4p5

* cpe:/a:ntp:ntp:4.2.4p6

* cpe:/a:ntp:ntp:4.2.5p0

* cpe:/a:ntp:ntp:4.2.5p1

* cpe:/a:ntp:ntp:4.2.5p2

* cpe:/a:ntp:ntp:4.2.5p3

* cpe:/a:ntp:ntp:4.2.5p4

* cpe:/a:ntp:ntp:4.2.5p5

* cpe:/a:ntp:ntp:4.2.5p6

* cpe:/a:ntp:ntp:4.2.5p7

* cpe:/a:ntp:ntp:4.2.5p8

* cpe:/a:ntp:ntp:4.2.5p9

* cpe:/a:ntp:ntp:4.2.5p10

* cpe:/a:ntp:ntp:4.2.5p11

* cpe:/a:ntp:ntp:4.2.5p12

* cpe:/a:ntp:ntp:4.2.5p13

* cpe:/a:ntp:ntp:4.2.5p14

* cpe:/a:ntp:ntp:4.2.5p15

* cpe:/a:ntp:ntp:4.2.5p16

* cpe:/a:ntp:ntp:4.2.5p17

* cpe:/a:ntp:ntp:4.2.5p18

* cpe:/a:ntp:ntp:4.2.5p19

* cpe:/a:ntp:ntp:4.2.5p20

* cpe:/a:ntp:ntp:4.2.5p21

* cpe:/a:ntp:ntp:4.2.5p23

* cpe:/a:ntp:ntp:4.2.5p24

* cpe:/a:ntp:ntp:4.2.5p25

* cpe:/a:ntp:ntp:4.2.5p26

* cpe:/a:ntp:ntp:4.2.5p27

* cpe:/a:ntp:ntp:4.2.5p28

* cpe:/a:ntp:ntp:4.2.5p29

* cpe:/a:ntp:ntp:4.2.5p30

* cpe:/a:ntp:ntp:4.2.5p31

* cpe:/a:ntp:ntp:4.2.5p32

* cpe:/a:ntp:ntp:4.2.5p33

* cpe:/a:ntp:ntp:4.2.5p35

* cpe:/a:ntp:ntp:4.2.5p36

* cpe:/a:ntp:ntp:4.2.5p37

* cpe:/a:ntp:ntp:4.2.5p38

* cpe:/a:ntp:ntp:4.2.5p39

* cpe:/a:ntp:ntp:4.2.5p40

* cpe:/a:ntp:ntp:4.2.5p41

* cpe:/a:ntp:ntp:4.2.5p43

* cpe:/a:ntp:ntp:4.2.5p42

* cpe:/a:ntp:ntp:4.2.5p44

* cpe:/a:ntp:ntp:4.2.5p45

* cpe:/a:ntp:ntp:4.2.5p46

* cpe:/a:ntp:ntp:4.2.5p47

* cpe:/a:ntp:ntp:4.2.5p48

* cpe:/a:ntp:ntp:4.2.5p49

* cpe:/a:ntp:ntp:4.2.5p50

* cpe:/a:ntp:ntp:4.2.5p51

* cpe:/a:ntp:ntp:4.2.5p52

* cpe:/a:ntp:ntp:4.2.5p53

* cpe:/a:ntp:ntp:4.2.5p54

* cpe:/a:ntp:ntp:4.2.5p55

* cpe:/a:ntp:ntp:4.2.5p56

* cpe:/a:ntp:ntp:4.2.5p57

* cpe:/a:ntp:ntp:4.2.5p58

* cpe:/a:ntp:ntp:4.2.5p59

* cpe:/a:ntp:ntp:4.2.5p60

* cpe:/a:ntp:ntp:4.2.5p61

* cpe:/a:ntp:ntp:4.2.5p63

* cpe:/a:ntp:ntp:4.2.5p62

* cpe:/a:ntp:ntp:4.2.5p64

* cpe:/a:ntp:ntp:4.2.5p65

* cpe:/a:ntp:ntp:4.2.5p66

* cpe:/a:ntp:ntp:4.2.5p67

* cpe:/a:ntp:ntp:4.2.5p68

* cpe:/a:ntp:ntp:4.2.5p69

* cpe:/a:ntp:ntp:4.2.5p70

* cpe:/a:ntp:ntp:4.2.5p71

* cpe:/a:ntp:ntp:4.2.5p73

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252