PT-2009-6682 · Openssl+2

Chris Ries · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-1252

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ntp versions prior to 4.2.4p7
ntp versions prior to 4.2.5p74

Description

The issue concerns multiple vulnerabilities in the ntp package, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability is a stack-based buffer overflow in the crypto_recv function in ntpd, which allows remote attackers to execute arbitrary code via a crafted packet containing an extension field when OpenSSL and autokey are enabled.

Recommendations

For ntp versions prior to 4.2.4p7, update to version 4.2.4p7 or later to resolve the issue. For ntp versions prior to 4.2.5p74, update to version 4.2.5p74 or later to resolve the issue. As a temporary workaround, consider disabling the crypto_recv function until a patch is available. Restrict access to the ntp service to minimize the risk of exploitation.
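
Added example (not part of the original entry or of the ntp project): a Python triage check that applies the fixed versions listed above together with the "autokey enabled" condition from the description. It assumes Autokey is switched on in ntp.conf by a crypto directive or an autokey option on an association line; the sample version strings, configs and verdict names are constructed for illustration.

```python
import re

FIXED_STABLE = (4, 2, 4, 7)   # 4.2.4p7, from the page
FIXED_DEV = (4, 2, 5, 74)     # 4.2.5p74, from the page
ASSOCIATIONS = {"server", "peer", "broadcast", "manycastclient"}

# Constructed sample inputs (not taken from any real host).
CONF_AUTOKEY = """driftfile /var/lib/ntp/drift
crypto pw examplepassword
server ntp1.example.net autokey
"""
CONF_PLAIN = """driftfile /var/lib/ntp/drift
# crypto pw examplepassword
server ntp1.example.net iburst
"""

def parse_ntp_version(text):
    """Extract (major, minor, micro, patch) from e.g. 'ntpd 4.2.4p6@1.1520-o'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no ntp version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_is_affected(text):
    v = parse_ntp_version(text)
    # The 4.2.5 development branch has its own fixed release.
    return v < (FIXED_DEV if v[:3] == (4, 2, 5) else FIXED_STABLE)

def autokey_enabled(conf_text):
    """True if a 'crypto' directive or an 'autokey' association option is active."""
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()   # drop comments
        if not tokens:
            continue
        if tokens[0] == "crypto":
            return True
        if tokens[0] in ASSOCIATIONS and "autokey" in tokens[2:]:
            return True
    return False

def assess(version_text, conf_text):
    """Hypothetical verdicts: 'fixed', 'upgrade' (old, no autokey), 'exposed'."""
    if not version_is_affected(version_text):
        return "fixed"
    # Whether ntpd was built with OpenSSL is not checked here.
    return "exposed" if autokey_enabled(conf_text) else "upgrade"

if __name__ == "__main__":
    for ver, conf in [("ntpd 4.2.4p6", CONF_AUTOKEY), ("ntpd 4.2.4p6", CONF_PLAIN),
                      ("ntpd 4.2.5p74", CONF_AUTOKEY)]:
        print(ver, "->", assess(ver, conf))
```

An "upgrade" verdict still means the installed version predates the fix; it only indicates that the autokey precondition named in the description was not found in the configuration.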

Fix

RCE

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-02159
BDU:2015-02160
BDU:2015-02161
BDU:2015-02162
BDU:2015-02163
BDU:2015-06448
BDU:2015-08486
BDU:2015-09376
CVE-2009-1252
DSA-1801-1
OPENSUSE-SU-2024:10181-1
RHSA-2009:1039
RHSA-2009:1040
RHSA-2009_1039
RHSA-2009_1040

Affected Products

Openssl
Red Hat
Ntp