CVE-2009-1252

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://rhn.redhat.com/errata/RHSA-2009-1039.html

http://rhn.redhat.com/errata/RHSA-2009-1040.html

http://secunia.com/advisories/35137

http://secunia.com/advisories/35138

http://secunia.com/advisories/35166

http://secunia.com/advisories/35169

http://secunia.com/advisories/35243

http://secunia.com/advisories/35253

http://secunia.com/advisories/35308

http://secunia.com/advisories/35336

http://secunia.com/advisories/35388

http://secunia.com/advisories/35416

http://secunia.com/advisories/35630

http://secunia.com/advisories/37470

http://secunia.com/advisories/37471

http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092

http://www.debian.org/security/2009/dsa-1801

http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml

http://www.kb.cert.org/vuls/id/853097

http://www.mandriva.com/security/advisories?name=MDVSA-2009:117

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/35017

http://www.securitytracker.com/id?1022243

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/1361

http://www.vupen.com/english/advisories/2009/3316

https://bugzilla.redhat.com/show_bug.cgi?id=499694

https://launchpad.net/bugs/cve/2009-1252

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307

https://support.ntp.org/bugs/show_bug.cgi?id=1151

https://usn.ubuntu.com/777-1/

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

Details

Source: MITRE

Published: 2009-05-19

Updated: 2018-10-10

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p0:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p1:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p2:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p3:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p4:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p5:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p6:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p7:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p8:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p9:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p10:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p11:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p12:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p13:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p14:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p15:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p16:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p17:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p18:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p19:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p20:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p21:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p23:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p24:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p25:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p26:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p27:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p28:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p29:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p30:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p31:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p32:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p33:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p35:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p36:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p37:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p38:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p39:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p40:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p41:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p42:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p43:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p44:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p45:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p46:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p47:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p48:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p49:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p50:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p51:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p52:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p53:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p54:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p55:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p56:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p57:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p58:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p59:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p60:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p61:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p62:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p63:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p64:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p65:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p66:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p67:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p68:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p69:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p70:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p71:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.5p73:*:*:*:*:*:*:*

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
80395OracleVM 2.2 : ntp (OVMSA-2015-0002)NessusOracleVM Local Security Checks
high
80394OracleVM 3.2 : ntp (OVMSA-2015-0001)NessusOracleVM Local Security Checks
high
79458OracleVM 2.1 : ntp (OVMSA-2009-0011)NessusOracleVM Local Security Checks
medium
67861Oracle Linux 4 : ntp (ELSA-2009-1040)NessusOracle Linux Local Security Checks
medium
67860Oracle Linux 5 : ntp (ELSA-2009-1039)NessusOracle Linux Local Security Checks
medium
67066CentOS 4 : ntp (CESA-2009:1040)NessusCentOS Local Security Checks
medium
60587Scientific Linux Security Update : ntp on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
60586Scientific Linux Security Update : ntp on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
medium
43750CentOS 5 : ntp (CESA-2009:1039)NessusCentOS Local Security Checks
medium
42995Mandriva Linux Security Advisory : ntp (MDVSA-2009:309)NessusMandriva Local Security Checks
medium
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
medium
41601SuSE 10 Security Update : xntp (ZYPP Patch Number 6232)NessusSuSE Local Security Checks
medium
41441SuSE 11 Security Update : ntp (SAT Patch Number 863)NessusSuSE Local Security Checks
medium
41298SuSE9 Security Update : xntp (YOU Patch Number 12415)NessusSuSE Local Security Checks
medium
40285openSUSE Security Update : ntp (ntp-862)NessusSuSE Local Security Checks
medium
40083openSUSE Security Update : ntp (ntp-862)NessusSuSE Local Security Checks
medium
39394Fedora 11 : ntp-4.2.4p7-2.fc11 (2009-5674)NessusFedora Local Security Checks
medium
39008Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : ntp (SSA:2009-154-01)NessusSlackware Local Security Checks
medium
38962Fedora 9 : ntp-4.2.4p7-1.fc9 (2009-5275)NessusFedora Local Security Checks
medium
38961Fedora 10 : ntp-4.2.4p7-1.fc10 (2009-5273)NessusFedora Local Security Checks
medium
38920GLSA-200905-08 : NTP: Remote execution of arbitrary codeNessusGentoo Local Security Checks
medium
38881FreeBSD : ntp -- stack-based buffer overflow (4175c811-f690-4898-87c5-755b3cf1bac6)NessusFreeBSD Local Security Checks
medium
38848Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ntp vulnerabilities (USN-777-1)NessusUbuntu Local Security Checks
medium
38847openSUSE 10 Security Update : xntp (xntp-6231)NessusSuSE Local Security Checks
medium
38844Mandriva Linux Security Advisory : ntp (MDVSA-2009:117)NessusMandriva Local Security Checks
medium
38833Debian DSA-1801-1 : ntp - buffer overflowsNessusDebian Local Security Checks
medium
38831Network Time Protocol Daemon (ntpd) 4.x < 4.2.4p7 / 4.x < 4.2.5p74 crypto_recv() Function RCENessusMisc.
high
38821RHEL 4 : ntp (RHSA-2009:1040)NessusRed Hat Local Security Checks
medium
38820RHEL 5 : ntp (RHSA-2009:1039)NessusRed Hat Local Security Checks
medium