Vulnerability Description
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | 4.2.4p0 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://rhn.redhat.com/errata/RHSA-2009-1039.html (Patch)
- http://rhn.redhat.com/errata/RHSA-2009-1040.html (Patch)
- http://secunia.com/advisories/35137
- http://secunia.com/advisories/35138
- http://secunia.com/advisories/35166
- http://secunia.com/advisories/35169
- http://secunia.com/advisories/35243
- http://secunia.com/advisories/35253
- http://secunia.com/advisories/35308
- http://secunia.com/advisories/35336
- http://secunia.com/advisories/35388
- http://secunia.com/advisories/35416
- http://secunia.com/advisories/35630
FAQ
What is CVE-2009-1252?
CVE-2009-1252 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execut...
How severe is CVE-2009-1252?
CVE-2009-1252 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1252?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp.