Vulnerability Description
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | <= 4.2.4p7 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
- http://bugs.pardus.org.tr/show_bug.cgi?id=9532
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://marc.info/?l=bugtraq&m=136482797910018&w=2
- http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565
- http://osvdb.org/53593
- http://rhn.redhat.com/errata/RHSA-2009-1039.html
- http://rhn.redhat.com/errata/RHSA-2009-1040.html
- http://secunia.com/advisories/34608 (Vendor Advisory)
- http://secunia.com/advisories/35074 (Vendor Advisory)
- http://secunia.com/advisories/35137 (Vendor Advisory)
- http://secunia.com/advisories/35138 (Vendor Advisory)
- http://secunia.com/advisories/35166 (Vendor Advisory)
- http://secunia.com/advisories/35169 (Vendor Advisory)
FAQ
What is CVE-2009-0159?
CVE-2009-0159 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
How severe is CVE-2009-0159?
CVE-2009-0159 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0159?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp.