Lucene search

K
osvGoogleOSV:DSA-1801-1
HistoryMay 19, 2009 - 12:00 a.m.

ntp - several vulnerabilities

2009-05-1900:00:00
Google
osv.dev
9

0.963 High

EPSS

Percentile

99.6%

Several remote vulnerabilities have been discovered in NTP, the Network
Time Protocol reference implementation. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2009-0159
    A buffer overflow in ntpq allow a remote NTP server to create a
    denial of service attack or to execute arbitrary code via a crafted
    response.
  • CVE-2009-1252
    A buffer overflow in ntpd allows a remote attacker to create a
    denial of service attack or to execute arbitrary code when the
    autokey functionality is enabled.

For the old stable distribution (etch), these problems have been fixed in
version 4.2.2.p4+dfsg-2etch3.

For the stable distribution (lenny), these problems have been fixed in
version 4.2.4p4+dfsg-8lenny2.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your ntp package.

CPENameOperatorVersion
ntpeq1:4.2.4p4+dfsg-8