CVE-2009-1252: Buffer Overflow
First published: Thu May 07 2009(Updated: )
CERT has reported a vulnerability in ntp (VU#853097). If autokey is enabled, a remote attacker can send a carefully crafted packet that can overflow a stack buffer, potentially allowing for the execution of arbitrary code with the privileges of the ntpd process. This is corrected upstream in versions 4.2.4p7 and 4.2.5p74, and affects ntp 4.2.4 (and possibly earlier). This issue can also be mitigated by ensuring autokey support is not enabled. By default, Red Hat Enterprise Linux defaults to running ntpd unprivileged with the ntpd user. This issue has been assigned <a href="https://access.redhat.com/security/cve/CVE-2009-1252">CVE-2009-1252</a>.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ntp | <0:4.2.0.a.20040617-8.el4_7.2 | 0:4.2.0.a.20040617-8.el4_7.2 |
| redhat/ntp | <0:4.2.2p1-9.el5_3.2 | 0:4.2.2p1-9.el5_3.2 |
| NTP ntp | =4.2.5p65 | |
| NTP ntp | =4.2.5p1 | |
| NTP ntp | =4.2.5p64 | |
| NTP ntp | =4.2.5p32 | |
| NTP ntp | =4.2.5p15 | |
| NTP ntp | =4.2.5p0 | |
| NTP ntp | =4.2.5p71 | |
| NTP ntp | =4.2.5p40 | |
| NTP ntp | =4.2.5p59 | |
| NTP ntp | =4.2.5p30 | |
| NTP ntp | =4.2.5p18 | |
| NTP ntp | =4.2.4p5 | |
| NTP ntp | =4.2.5p61 | |
| NTP ntp | =4.2.5p47 | |
| NTP ntp | =4.2.5p14 | |
| NTP ntp | =4.2.4p4 | |
| NTP ntp | =4.2.5p29 | |
| NTP ntp | =4.2.5p13 | |
| NTP ntp | =4.2.5p67 | |
| NTP ntp | =4.2.5p7 | |
| NTP ntp | =4.2.4p2 | |
| NTP ntp | =4.2.5p63 | |
| NTP ntp | =4.2.5p12 | |
| NTP ntp | =4.2.5p53 | |
| NTP ntp | =4.2.5p68 | |
| NTP ntp | =4.2.5p28 | |
| NTP ntp | =4.2.5p45 | |
| NTP ntp | =4.2.5p25 | |
| NTP ntp | =4.2.5p10 | |
| NTP ntp | =4.2.5p21 | |
| NTP ntp | =4.2.5p56 | |
| NTP ntp | =4.2.5p39 | |
| NTP ntp | =4.2.5p54 | |
| NTP ntp | =4.2.5p16 | |
| NTP ntp | =4.2.5p31 | |
| NTP ntp | =4.2.5p73 | |
| NTP ntp | =4.2.5p51 | |
| NTP ntp | =4.2.5p19 | |
| NTP ntp | =4.2.5p50 | |
| NTP ntp | =4.2.5p6 | |
| NTP ntp | =4.2.5p11 | |
| NTP ntp | =4.2.5p42 | |
| NTP ntp | =4.2.5p27 | |
| NTP ntp | =4.2.5p44 | |
| NTP ntp | =4.2.4p1 | |
| NTP ntp | =4.2.5p5 | |
| NTP ntp | =4.2.5p26 | |
| NTP ntp | =4.2.5p60 | |
| NTP ntp | =4.2.5p57 | |
| NTP ntp | =4.2.5p3 | |
| NTP ntp | =4.2.5p70 | |
| NTP ntp | =4.2.5p37 | |
| NTP ntp | =4.2.5p33 | |
| NTP ntp | =4.2.5p46 | |
| NTP ntp | =4.2.5p36 | |
| NTP ntp | =4.2.5p52 | |
| NTP ntp | =4.2.5p69 | |
| NTP ntp | =4.2.5p49 | |
| NTP ntp | =4.2.5p24 | |
| NTP ntp | =4.2.5p8 | |
| NTP ntp | =4.2.5p66 | |
| NTP ntp | =4.2.5p17 | |
| NTP ntp | =4.2.5p2 | |
| NTP ntp | =4.2.5p38 | |
| NTP ntp | =4.2.5p62 | |
| NTP ntp | =4.2.4p3 | |
| NTP ntp | =4.2.5p43 | |
| NTP ntp | =4.2.5p4 | |
| NTP ntp | =4.2.5p20 | |
| NTP ntp | =4.2.5p58 | |
| NTP ntp | =4.2.5p41 | |
| NTP ntp | =4.2.5p35 | |
| NTP ntp | =4.2.4p0 | |
| NTP ntp | =4.2.5p55 | |
| NTP ntp | =4.2.5p23 | |
| NTP ntp | =4.2.5p48 | |
| NTP ntp | =4.2.5p9 | |
| NTP ntp | =4.2.4p6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://launchpad.net/bugs/cve/2009-1252
- https://bugzilla.redhat.com/show_bug.cgi?id=499694
- https://support.ntp.org/bugs/show_bug.cgi?id=1151
- http://rhn.redhat.com/errata/RHSA-2009-1039.html
- http://rhn.redhat.com/errata/RHSA-2009-1040.html
- http://www.kb.cert.org/vuls/id/853097
- http://www.securityfocus.com/bid/35017
- http://www.debian.org/security/2009/dsa-1801
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
- http://www.securitytracker.com/id?1022243
- http://secunia.com/advisories/35137
- http://www.vupen.com/english/advisories/2009/1361
- http://secunia.com/advisories/35166
- http://secunia.com/advisories/35169
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
- http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
- http://secunia.com/advisories/35243
- http://secunia.com/advisories/35253
- http://secunia.com/advisories/35138
- http://secunia.com/advisories/35308
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://secunia.com/advisories/35336
- http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
- http://secunia.com/advisories/35416
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
- http://secunia.com/advisories/35388
- http://secunia.com/advisories/35630
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://secunia.com/advisories/37470
- http://secunia.com/advisories/37471
- http://www.vupen.com/english/advisories/2009/3316
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
- https://usn.ubuntu.com/777-1/
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
- https://access.redhat.com/security/cve/CVE-2009-1252
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=343833&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=343833&action=edit
- http://support.ntp.org/security
- https://rhn.redhat.com/errata/RHSA-2009-1039.html
- https://rhn.redhat.com/errata/RHSA-2009-1040.html
- http://admin.fedoraproject.org/updates/ntp-4.2.4p7-1.fc9
- http://admin.fedoraproject.org/updates/ntp-4.2.4p7-1.fc10
- http://admin.fedoraproject.org/updates/ntp-4.2.4p7-1.fc11
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
- http://admin.fedoraproject.org/updates/ntp-4.2.4p7-2.fc11
- https://www.cve.org/CVERecord?id=CVE-2009-1252 https://nvd.nist.gov/vuln/detail/CVE-2009-1252
- https://access.redhat.com/errata/RHSA-2009:1040
- https://access.redhat.com/errata/RHSA-2009:1039
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1252.json
Frequently Asked Questions
What is the severity of CVE-2009-1252?
CVE-2009-1252 has a high severity rating, as it can lead to buffer overflow and potentially arbitrary code execution.
How do I fix CVE-2009-1252?
To fix CVE-2009-1252, update your NTP to the patched version which addresses the vulnerability.
Which versions of NTP are affected by CVE-2009-1252?
CVE-2009-1252 affects several versions of NTP prior to the specified patched version, particularly those with autokey enabled.
Is CVE-2009-1252 related to remote attacks?
Yes, CVE-2009-1252 allows remote attackers to exploit the vulnerability by sending crafted packets.
What is the potential impact of exploiting CVE-2009-1252?
Exploiting CVE-2009-1252 could result in the execution of arbitrary code with the privileges of the NTP daemon process.
- collector/nvd-index
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-1252
- collector/redhat-cve
- agent/software-canonical-lookup
- agent/severity
- agent/author
- agent/references
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.4p0
- version/ntp ntp/4.2.4p1
- version/ntp ntp/4.2.4p2
- version/ntp ntp/4.2.4p3
- version/ntp ntp/4.2.4p4
- version/ntp ntp/4.2.4p5
- version/ntp ntp/4.2.4p6
- version/ntp ntp/4.2.5p0
- version/ntp ntp/4.2.5p1
- version/ntp ntp/4.2.5p2
- version/ntp ntp/4.2.5p3
- version/ntp ntp/4.2.5p4
- version/ntp ntp/4.2.5p5
- version/ntp ntp/4.2.5p6
- version/ntp ntp/4.2.5p7
- version/ntp ntp/4.2.5p8
- version/ntp ntp/4.2.5p9
- version/ntp ntp/4.2.5p10
- version/ntp ntp/4.2.5p11
- version/ntp ntp/4.2.5p12
- version/ntp ntp/4.2.5p13
- version/ntp ntp/4.2.5p14
- version/ntp ntp/4.2.5p15
- version/ntp ntp/4.2.5p16
- version/ntp ntp/4.2.5p17
- version/ntp ntp/4.2.5p18
- version/ntp ntp/4.2.5p19
- version/ntp ntp/4.2.5p20
- version/ntp ntp/4.2.5p21
- version/ntp ntp/4.2.5p23
- version/ntp ntp/4.2.5p24
- version/ntp ntp/4.2.5p25
- version/ntp ntp/4.2.5p26
- version/ntp ntp/4.2.5p27
- version/ntp ntp/4.2.5p28
- version/ntp ntp/4.2.5p29
- version/ntp ntp/4.2.5p30
- version/ntp ntp/4.2.5p31
- version/ntp ntp/4.2.5p32
- version/ntp ntp/4.2.5p33
- version/ntp ntp/4.2.5p35
- version/ntp ntp/4.2.5p36
- version/ntp ntp/4.2.5p37
- version/ntp ntp/4.2.5p38
- version/ntp ntp/4.2.5p39
- version/ntp ntp/4.2.5p40
- version/ntp ntp/4.2.5p41
- version/ntp ntp/4.2.5p42
- version/ntp ntp/4.2.5p43
- version/ntp ntp/4.2.5p44
- version/ntp ntp/4.2.5p45
- version/ntp ntp/4.2.5p46
- version/ntp ntp/4.2.5p47
- version/ntp ntp/4.2.5p48
- version/ntp ntp/4.2.5p49
- version/ntp ntp/4.2.5p50
- version/ntp ntp/4.2.5p51
- version/ntp ntp/4.2.5p52
- version/ntp ntp/4.2.5p53
- version/ntp ntp/4.2.5p54
- version/ntp ntp/4.2.5p55
- version/ntp ntp/4.2.5p56
- version/ntp ntp/4.2.5p57
- version/ntp ntp/4.2.5p58
- version/ntp ntp/4.2.5p59
- version/ntp ntp/4.2.5p60
- version/ntp ntp/4.2.5p61
- version/ntp ntp/4.2.5p62
- version/ntp ntp/4.2.5p63
- version/ntp ntp/4.2.5p64
- version/ntp ntp/4.2.5p65
- version/ntp ntp/4.2.5p66
- version/ntp ntp/4.2.5p67
- version/ntp ntp/4.2.5p68
- version/ntp ntp/4.2.5p69
- version/ntp ntp/4.2.5p70
- version/ntp ntp/4.2.5p71
- version/ntp ntp/4.2.5p73
- package-manager/redhat