NTP ntpd/ntp_crypto.c crypto_recv() Function Remote Overflow

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.

Synopsis :

The remote host is running a time server that is affected by a remote buffer overflow vulnerability.

Description :

According to its self-reported version number, the version of ntpd
running on the remote host has a stack-based buffer overflow
vulnerability. The vulnerability is in the 'crypto_recv()' function of
'ntpd/ntp_crypto.c'. This could allow a remote attacker to crash the
service or execute arbitrary code.

Note : this issue is only exploitable if ntpd was compiled with
OpenSSL support and has autokey authentication enabled. The presence
of the following line in ntp.conf indicates a vulnerable system :

crypto pw *password*

Nessus did not check if the system is configured in this manner.
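
Because the plugin reports on version alone, the configuration condition has to be confirmed on the host. The following is an added example, not part of the Nessus plugin: it applies the fixed-version thresholds from the Solution section and looks for an active 'crypto' directive in ntp.conf text. The version banner format and the sample configuration are assumptions, and the check cannot tell whether ntpd was compiled with OpenSSL support.

```python
import re

# Fixed releases named in the Solution section: 4.2.4p7 and 4.2.5p74.
FIXED_424 = (4, 2, 4, 7)
BRANCH_425, FIXED_425_PATCH = (4, 2, 5), 74

def parse_version(banner):
    """Extract (major, minor, micro, patchlevel) from e.g. '4.2.4p6@1.1520-o'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"no ntpd version found in {banner!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_fixed(banner):
    v = parse_version(banner)
    # 4.2.5pN sorts above 4.2.4p7, so the 4.2.5 branch needs its own threshold.
    if v[:3] == BRANCH_425:
        return v[3] >= FIXED_425_PATCH
    return v >= FIXED_424

def crypto_lines(conf_text):
    """Return active (uncommented) 'crypto' directives from ntp.conf text."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in ntp.conf
        if line and line.split()[0] == "crypto":
            found.append(line)
    return found

def assess(banner, conf_text):
    if is_fixed(banner):
        return "fixed version"
    if crypto_lines(conf_text):
        return "affected version, autokey configured"
    return "affected version, no crypto directive"

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift
# crypto pw oldsecret
server 192.0.2.10 autokey
crypto pw examplepass
"""

if __name__ == "__main__":
    for banner in ("4.2.4p6@1.1520-o", "4.2.5p10", "4.2.4p7", "4.2.5p74"):
        print(banner, "->", assess(banner, SAMPLE_CONF))
```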

Solution :

Upgrade to ntpd version 4.2.4p7 / 4.2.5p74 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 38831

Bugtraq ID: 35017

CVE ID: CVE-2009-1252