NTP Stack Buffer Overflow Vulnerability Network Vulnerability

Summary

This host has NTP installed and is prone to stack buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code or to cause the application to crash. Impact Level: Application.

Solution

Upgrade to NTP version 4.2.4p7-RC2 http://www.ntp.org/downloads.html

Insight

The flaw is due to a boundary error within the cookedprint() function in ntpq/ntpq.c while processing malicious response from a specially crafted remote time server.

Affected

NTP versions prior to 4.2.4p7-RC2 on Linux.

References

http://secunia.com/advisories/34608
http://www.vupen.com/english/advisories/2009/0999
http://xforce.iss.net/xforce/xfdb/49838

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0159
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SIP Express Router Register Buffer Overflow
Sync Breeze Server Remote Stack Buffer Overflow Vulnerability
IrfanView Integer Overflow Vulnerability
KMPlayer '.mp3' File Remote Buffer Overflow Vulnerability
Groovy Media Player '.m3u' File Remote Stack Buffer Overflow Vulnerability

Take action and discover your vulnerabilities