Lucene search

[email protected]NVD:CVE-2009-1252

HistoryMay 19, 2009 - 7:30 p.m.

CVE-2009-1252

2009-05-1919:30:00

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.963 High

EPSS

Percentile

99.5%

JSON

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Affected configurations

NVD

Node

ntpntpMatch4.2.4p0

ntpntpMatch4.2.4p1

ntpntpMatch4.2.4p2

ntpntpMatch4.2.4p3

ntpntpMatch4.2.4p4

ntpntpMatch4.2.4p5

ntpntpMatch4.2.4p6

ntpntpMatch4.2.5p0

ntpntpMatch4.2.5p1

ntpntpMatch4.2.5p2

ntpntpMatch4.2.5p3

ntpntpMatch4.2.5p4

ntpntpMatch4.2.5p5

ntpntpMatch4.2.5p6

ntpntpMatch4.2.5p7

ntpntpMatch4.2.5p8

ntpntpMatch4.2.5p9

ntpntpMatch4.2.5p10

ntpntpMatch4.2.5p11

ntpntpMatch4.2.5p12

ntpntpMatch4.2.5p13

ntpntpMatch4.2.5p14

ntpntpMatch4.2.5p15

ntpntpMatch4.2.5p16

ntpntpMatch4.2.5p17

ntpntpMatch4.2.5p18

ntpntpMatch4.2.5p19

ntpntpMatch4.2.5p20

ntpntpMatch4.2.5p21

ntpntpMatch4.2.5p23

ntpntpMatch4.2.5p24

ntpntpMatch4.2.5p25

ntpntpMatch4.2.5p26

ntpntpMatch4.2.5p27

ntpntpMatch4.2.5p28

ntpntpMatch4.2.5p29

ntpntpMatch4.2.5p30

ntpntpMatch4.2.5p31

ntpntpMatch4.2.5p32

ntpntpMatch4.2.5p33

ntpntpMatch4.2.5p35

ntpntpMatch4.2.5p36

ntpntpMatch4.2.5p37

ntpntpMatch4.2.5p38

ntpntpMatch4.2.5p39

ntpntpMatch4.2.5p40

ntpntpMatch4.2.5p41

ntpntpMatch4.2.5p42

ntpntpMatch4.2.5p43

ntpntpMatch4.2.5p44

ntpntpMatch4.2.5p45

ntpntpMatch4.2.5p46

ntpntpMatch4.2.5p47

ntpntpMatch4.2.5p48

ntpntpMatch4.2.5p49

ntpntpMatch4.2.5p50

ntpntpMatch4.2.5p51

ntpntpMatch4.2.5p52

ntpntpMatch4.2.5p53

ntpntpMatch4.2.5p54

ntpntpMatch4.2.5p55

ntpntpMatch4.2.5p56

ntpntpMatch4.2.5p57

ntpntpMatch4.2.5p58

ntpntpMatch4.2.5p59

ntpntpMatch4.2.5p60

ntpntpMatch4.2.5p61

ntpntpMatch4.2.5p62

ntpntpMatch4.2.5p63

ntpntpMatch4.2.5p64

ntpntpMatch4.2.5p65

ntpntpMatch4.2.5p66

ntpntpMatch4.2.5p67

ntpntpMatch4.2.5p68

ntpntpMatch4.2.5p69

ntpntpMatch4.2.5p70

ntpntpMatch4.2.5p71

ntpntpMatch4.2.5p73

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

rhn.redhat.com/errata/RHSA-2009-1039.html

rhn.redhat.com/errata/RHSA-2009-1040.html

secunia.com/advisories/35137

secunia.com/advisories/35138

secunia.com/advisories/35166

secunia.com/advisories/35169

secunia.com/advisories/35243

secunia.com/advisories/35253

secunia.com/advisories/35308

secunia.com/advisories/35336

secunia.com/advisories/35388

secunia.com/advisories/35416

secunia.com/advisories/35630

secunia.com/advisories/37470

secunia.com/advisories/37471

security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

wiki.rpath.com/wiki/Advisories:rPSA-2009-0092

www.debian.org/security/2009/dsa-1801

www.gentoo.org/security/en/glsa/glsa-200905-08.xml

www.kb.cert.org/vuls/id/853097

www.mandriva.com/security/advisories?name=MDVSA-2009:117

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/35017

www.securitytracker.com/id?1022243

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1361

www.vupen.com/english/advisories/2009/3316

bugzilla.redhat.com/show_bug.cgi?id=499694

launchpad.net/bugs/cve/2009-1252

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307

support.ntp.org/bugs/show_bug.cgi?id=1151

usn.ubuntu.com/777-1/

www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.963 High

EPSS

Percentile

99.5%

JSON

Related for NVD:CVE-2009-1252