First published: Thu May 07 2009(Updated: )
CERT has reported a vulnerability in ntp (VU#853097). If autokey is enabled, a remote attacker can send a carefully crafted packet that can overflow a stack buffer, potentially allowing for the execution of arbitrary code with the privileges of the ntpd process. This is corrected upstream in versions 4.2.4p7 and 4.2.5p74, and affects ntp 4.2.4 (and possibly earlier). This issue can also be mitigated by ensuring autokey support is not enabled. By default, Red Hat Enterprise Linux defaults to running ntpd unprivileged with the ntpd user. This issue has been assigned <a href="https://access.redhat.com/security/cve/CVE-2009-1252">CVE-2009-1252</a>.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ntp | <0:4.2.0.a.20040617-8.el4_7.2 | 0:4.2.0.a.20040617-8.el4_7.2 |
redhat/ntp | <0:4.2.2p1-9.el5_3.2 | 0:4.2.2p1-9.el5_3.2 |
NTP ntp | =4.2.5p65 | |
NTP ntp | =4.2.5p1 | |
NTP ntp | =4.2.5p64 | |
NTP ntp | =4.2.5p32 | |
NTP ntp | =4.2.5p15 | |
NTP ntp | =4.2.5p0 | |
NTP ntp | =4.2.5p71 | |
NTP ntp | =4.2.5p40 | |
NTP ntp | =4.2.5p59 | |
NTP ntp | =4.2.5p30 | |
NTP ntp | =4.2.5p18 | |
NTP ntp | =4.2.4p5 | |
NTP ntp | =4.2.5p61 | |
NTP ntp | =4.2.5p47 | |
NTP ntp | =4.2.5p14 | |
NTP ntp | =4.2.4p4 | |
NTP ntp | =4.2.5p29 | |
NTP ntp | =4.2.5p13 | |
NTP ntp | =4.2.5p67 | |
NTP ntp | =4.2.5p7 | |
NTP ntp | =4.2.4p2 | |
NTP ntp | =4.2.5p63 | |
NTP ntp | =4.2.5p12 | |
NTP ntp | =4.2.5p53 | |
NTP ntp | =4.2.5p68 | |
NTP ntp | =4.2.5p28 | |
NTP ntp | =4.2.5p45 | |
NTP ntp | =4.2.5p25 | |
NTP ntp | =4.2.5p10 | |
NTP ntp | =4.2.5p21 | |
NTP ntp | =4.2.5p56 | |
NTP ntp | =4.2.5p39 | |
NTP ntp | =4.2.5p54 | |
NTP ntp | =4.2.5p16 | |
NTP ntp | =4.2.5p31 | |
NTP ntp | =4.2.5p73 | |
NTP ntp | =4.2.5p51 | |
NTP ntp | =4.2.5p19 | |
NTP ntp | =4.2.5p50 | |
NTP ntp | =4.2.5p6 | |
NTP ntp | =4.2.5p11 | |
NTP ntp | =4.2.5p42 | |
NTP ntp | =4.2.5p27 | |
NTP ntp | =4.2.5p44 | |
NTP ntp | =4.2.4p1 | |
NTP ntp | =4.2.5p5 | |
NTP ntp | =4.2.5p26 | |
NTP ntp | =4.2.5p60 | |
NTP ntp | =4.2.5p57 | |
NTP ntp | =4.2.5p3 | |
NTP ntp | =4.2.5p70 | |
NTP ntp | =4.2.5p37 | |
NTP ntp | =4.2.5p33 | |
NTP ntp | =4.2.5p46 | |
NTP ntp | =4.2.5p36 | |
NTP ntp | =4.2.5p52 | |
NTP ntp | =4.2.5p69 | |
NTP ntp | =4.2.5p49 | |
NTP ntp | =4.2.5p24 | |
NTP ntp | =4.2.5p8 | |
NTP ntp | =4.2.5p66 | |
NTP ntp | =4.2.5p17 | |
NTP ntp | =4.2.5p2 | |
NTP ntp | =4.2.5p38 | |
NTP ntp | =4.2.5p62 | |
NTP ntp | =4.2.4p3 | |
NTP ntp | =4.2.5p43 | |
NTP ntp | =4.2.5p4 | |
NTP ntp | =4.2.5p20 | |
NTP ntp | =4.2.5p58 | |
NTP ntp | =4.2.5p41 | |
NTP ntp | =4.2.5p35 | |
NTP ntp | =4.2.4p0 | |
NTP ntp | =4.2.5p55 | |
NTP ntp | =4.2.5p23 | |
NTP ntp | =4.2.5p48 | |
NTP ntp | =4.2.5p9 | |
NTP ntp | =4.2.4p6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.