FS#14951 - [security] [ntp] 2 stack-based buffer overflows
Attached to Project:
Arch Linux
Opened by Greg (dolby) - Thursday, 04 June 2009, 06:00 GMT
Last edited by Tobias Powalowski (tpowa) - Thursday, 04 June 2009, 15:21 GMT
Opened by Greg (dolby) - Thursday, 04 June 2009, 06:00 GMT
Last edited by Tobias Powalowski (tpowa) - Thursday, 04 June 2009, 15:21 GMT
|
Details
Stack-based buffer overflow in the cookedprint function in
ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote
NTP servers to execute arbitrary code via a crafted
response.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 Package should be upgraded to 4.2.4p7 |
This task depends upon