PT-2009-6681 · Ntp+3 · Ntp+3

Harlan Stenn

Published

1970-01-01

Updated

2024-06-15

CVE-2009-0159

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.4p7-RC2

Description The issue is related to a stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq, which allows remote NTP servers to execute arbitrary code via a crafted response. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For versions prior to 4.2.4p7-RC2, update to version 4.2.4p7-RC2 or later to resolve the issue. As a temporary workaround, consider restricting access to the cookedprint function in ntpq/ntpq.c to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1197

BDU:2015-02159

BDU:2015-02160

BDU:2015-02161

BDU:2015-02162

BDU:2015-02163

BDU:2015-06447

BDU:2015-06448

BDU:2015-08486

BDU:2015-08487

BDU:2015-09376

CVE-2009-0159

DSA-1801-1

HPSBUX02859

OPENSUSE-SU-2024:10181-1

RHSA-2009:1039

RHSA-2009:1040

RHSA-2009:1651

RHSA-2009_1039

RHSA-2009_1040

Affected Products

Alt Linux

Hp-Ux

Ntp

Red Hat

PT-2009-6681 · Ntp+3 · Ntp+3

CVE-2009-0159

Weakness Enumeration

Related Identifiers

Affected Products

References · 161