6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.963 High
EPSS
Percentile
99.5%
ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service.
NTP (Network Time Protocol) is a method by which client machines can synchronize the local date and time with a reference server. ntpd, which is the NTP daemon, contains a stack buffer overflow when it is compiled with OpenSSL support. The vulnerability is caused by the use of sprintf()
in the crypto_recv()
function in ntpd/ntp_crypto.c
. The vulnerable code is reachable if ntpd is configured to use autokey. This vulnerable configuration is indicated by a crypto pw ``_password_
line in the ntp.conf
file, where _password_``
is the password that has been configured.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the ntpd daemon.
Apply an update
This issue is addressed in ntp 4.2.4p7 and 4.2.5p74.
Disable autokey
This vulnerability can be mitigated by removing the crypto pw ``_password_
line from the ntp.conf
file.
853097
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 06, 2009 Updated: May 11, 2009
Statement Date: May 11, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 15, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 07, 2009 Updated: May 20, 2009
Statement Date: May 20, 2009
Affected
We have not received a statement from the vendor.
Please see <http://bugs.gentoo.org/show_bug.cgi?id=268962>
Notified: May 06, 2009 Updated: May 18, 2009
Affected
We have not received a statement from the vendor.
Please see RHSA-2009-1039.
NTP authentication is not enabled by default.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23853097 Feedback>).
Notified: May 06, 2009 Updated: July 31, 2009
Statement Date: July 31, 2009
Affected
We have not received a statement from the vendor.
SUSE Linux is affected by the by the ntpd auto key remote overflow issue. We have released updated packages to fix this problem.
Notified: May 06, 2009 Updated: May 20, 2009
Affected
We have not received a statement from the vendor.
Please see USN-777-1.
Notified: May 06, 2009 Updated: May 08, 2009
Statement Date: May 08, 2009
Not Affected
We have not received a statement from the vendor.
Default cray configurations do not utilize autokeys and not not vulnerable.
However, the xntp rpm provided in the OS release is vulnerable if sites locally enable autokeys.
Notified: May 06, 2009 Updated: May 07, 2009
Statement Date: May 07, 2009
Not Affected
We have not received a statement from the vendor.
DragonFly ships with its own homebrew client-only version.
Notified: May 06, 2009 Updated: August 12, 2009
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 15, 2009
Statement Date: May 15, 2009
Not Affected
Juniper Networks products are not susceptible to this vulnerability.
For additional information about this or any other vulnerability report, or to report a potential security vulnerability, please contact the Juniper Security Incident Response Team at [email protected]
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 07, 2009
Statement Date: May 07, 2009
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft has indicated that they do not support the Autokey feature.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23853097 Feedback>).
Notified: May 12, 2009 Updated: May 15, 2009
Statement Date: May 15, 2009
Not Affected
SafeNet has confirmed that none of its products are subject to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 12, 2009
Statement Date: May 12, 2009
Not Affected
We have checked our implementations of npt and our versions do not contain this vlunerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 13, 2009
Statement Date: May 14, 2009
Unknown
Solaris NTP implementation is not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 06, 2009 Updated: May 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 39 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 0 | AV:β/AC:β/Au:β/C:β/I:β/A:β |
Temporal | 0 | E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND) |
Environmental | 0 | CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND) |
This vulnerability was reported by Harlan Stenn of the NTP Forum at ISC (ntpforum.isc.org), who in turn credits Chris Ries of CMU.
This document was written by Will Dormann.
CVE IDs: | CVE-2009-1252 |
---|---|
Severity Metric: | 9.45 Date Public: |