Lucene search

[email protected]CVE-2009-0159

HistoryApr 14, 2009 - 3:30 p.m.

CVE-2009-0159

2009-04-1415:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-0159

ntp

buffer overflow

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.4%

JSON

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Affected configurations

NVD

Node

ntpntpRange≤4.2.4p7rc1

ntpntpMatch4.0.72

ntpntpMatch4.0.73

ntpntpMatch4.0.90

ntpntpMatch4.0.91

ntpntpMatch4.0.92

ntpntpMatch4.0.93

ntpntpMatch4.0.94

ntpntpMatch4.0.95

ntpntpMatch4.0.96

ntpntpMatch4.0.97

ntpntpMatch4.0.98

ntpntpMatch4.0.99

ntpntpMatch4.1.0

ntpntpMatch4.1.2

ntpntpMatch4.2.0

ntpntpMatch4.2.2

ntpntpMatch4.2.2p1

ntpntpMatch4.2.2p2

ntpntpMatch4.2.2p3

ntpntpMatch4.2.2p4

ntpntpMatch4.2.4

ntpntpMatch4.2.4p0

ntpntpMatch4.2.4p1

ntpntpMatch4.2.4p2

ntpntpMatch4.2.4p3

ntpntpMatch4.2.4p4

ntpntpMatch4.2.4p5

ntpntpMatch4.2.4p6

CPENameOperatorVersion
ntp:ntpntple4.2.4p7
ntp:ntpntpeq4.0.72
ntp:ntpntpeq4.0.73
ntp:ntpntpeq4.0.90
ntp:ntpntpeq4.0.91
ntp:ntpntpeq4.0.92
ntp:ntpntpeq4.0.93
ntp:ntpntpeq4.0.94
ntp:ntpntpeq4.0.95
ntp:ntpntpeq4.0.96

CPE	Name	Operator	Version
ntp:ntp	ntp	le	4.2.4p7
ntp:ntp	ntp	eq	4.0.72
ntp:ntp	ntp	eq	4.0.73
ntp:ntp	ntp	eq	4.0.90
ntp:ntp	ntp	eq	4.0.91
ntp:ntp	ntp	eq	4.0.92
ntp:ntp	ntp	eq	4.0.93
ntp:ntp	ntp	eq	4.0.94
ntp:ntp	ntp	eq	4.0.95
ntp:ntp	ntp	eq	4.0.96

Rows per page:

1-10 of 291

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

bugs.pardus.org.tr/show_bug.cgi?id=9532

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

marc.info/?l=bugtraq&m=136482797910018&w=2

ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565

osvdb.org/53593

rhn.redhat.com/errata/RHSA-2009-1039.html

rhn.redhat.com/errata/RHSA-2009-1040.html

secunia.com/advisories/34608

secunia.com/advisories/35074

secunia.com/advisories/35137

secunia.com/advisories/35138

secunia.com/advisories/35166

secunia.com/advisories/35169

secunia.com/advisories/35253

secunia.com/advisories/35308

secunia.com/advisories/35336

secunia.com/advisories/35416

secunia.com/advisories/35630

secunia.com/advisories/37471

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

support.apple.com/kb/HT3549

www.debian.org/security/2009/dsa-1801

www.gentoo.org/security/en/glsa/glsa-200905-08.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:092

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/34481

www.securitytracker.com/id?1022033

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/0999

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/3316

bugzilla.redhat.com/show_bug.cgi?id=490617

exchange.xforce.ibmcloud.com/vulnerabilities/49838

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634

rhn.redhat.com/errata/RHSA-2009-1651.html

support.ntp.org/bugs/show_bug.cgi?id=1144

usn.ubuntu.com/777-1/

www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2009-0159

openvas59 nessus38 debiancve1 seebug1 veracode1 securityvulns5 prion1 nvd1 ubuntucve1 cvelist1 freebsd1 centos3 redhat3 debian1 oraclelinux3 gentoo1 osv1 slackware1 ubuntu1 fedora3 vmware2