CVE-2009-1252

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2009-1252

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-1252.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-1252

Related

DSA-1801-1
RHSA-2009:1039
RHSA-2009:1040
openSUSE-SU-2024:10181-1

Published

2009-05-19T19:30:00Z

Modified

2024-06-30T12:01:22Z

Summary

[none]

Details

Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
http://secunia.com/advisories/35137
http://secunia.com/advisories/35138
http://secunia.com/advisories/35166
http://secunia.com/advisories/35169
http://secunia.com/advisories/35243
http://secunia.com/advisories/35253
http://secunia.com/advisories/35308
http://secunia.com/advisories/35336
http://secunia.com/advisories/35388
http://secunia.com/advisories/35416
http://secunia.com/advisories/35630
http://secunia.com/advisories/37470
http://secunia.com/advisories/37471
http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
http://www.debian.org/security/2009/dsa-1801
http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1361
http://www.vupen.com/english/advisories/2009/3316
http://rhn.redhat.com/errata/RHSA-2009-1039.html
http://rhn.redhat.com/errata/RHSA-2009-1040.html
https://bugzilla.redhat.com/show_bug.cgi?id=499694
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
http://www.kb.cert.org/vuls/id/853097
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35017
http://www.securitytracker.com/id?1022243
https://launchpad.net/bugs/cve/2009-1252
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
https://support.ntp.org/bugs/show_bug.cgi?id=1151
https://usn.ubuntu.com/777-1/
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
https://security-tracker.debian.org/tracker/CVE-2009-1252

Affected packages

Debian:11 / ntp

Package

Name: ntp
Purl: pkg:deb/debian/ntp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.2.4p6+dfsg-2

Ecosystem specific

{
    "urgency": "high"
}