Launchpad CVE tracker

CVE 2009-1252

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Related bugs and status

CVE-2009-1252 (Candidate) is related to these bugs:

Bug #379482: Update ntpdate to fix vulnerabilities.

Summary				In	Importance	Status
	379482	Update ntpdate to fix vulnerabilities.		The Dell Mini Project	Undecided	Fix Released

Bug #517701: ntpd apparmor rule does not allow reading dhcp based config

Summary				In	Importance	Status
	517701	ntpd apparmor rule does not allow reading dhcp based config		ntp (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://launchpad.net/...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://support.ntp.or...
REDHAT: RHSA-2009:1039
REDHAT: RHSA-2009:1040
CERT-VN: VU#853097
BID: 35017
DEBIAN: DSA-1801
MANDRIVA: MDVSA-2009:117
SECTRACK: 1022243
SECUNIA: 35137
VUPEN: ADV-2009-1361
SECUNIA: 35166
SECUNIA: 35169
CONFIRM: http://wiki.rpath.com/...
FEDORA: FEDORA-2009-5273
FEDORA: FEDORA-2009-5275
GENTOO: GLSA-200905-08
SECUNIA: 35243
SECUNIA: 35253
SECUNIA: 35138
SECUNIA: 35308
SUSE: SUSE-SR:2009:011
SECUNIA: 35336
FREEBSD: FreeBSD-SA-09:11
SECUNIA: 35416
FEDORA: FEDORA-2009-5674
SECUNIA: 35388
NETBSD: NetBSD-SA2009-006
SECUNIA: 35630
CONFIRM: http://www.vmware.com/...
SECUNIA: 37470
SECUNIA: 37471
VUPEN: ADV-2009-3316
SLACKWARE: SSA:2009-154-01
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-777-1
BUGTRAQ: 20091120 VMSA-2009-001...

Launchpad.net

CVE 2009-1252

Related bugs and status

Related bugs

References