FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0159

This CVE name corresponds to:

Entered	Topic
2009-05-20	ntp -- stack-based buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-0159 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2009-0159
Phase	Assigned(20090116)

Description

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

References

Source	Reference
BUGTRAQ	20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
CONFIRM	http://bugs.pardus.org.tr/show_bug.cgi?id=9532
CONFIRM	https://support.ntp.org/bugs/show_bug.cgi?id=1144
CONFIRM	http://support.apple.com/kb/HT3549
CONFIRM	http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=490617
CONFIRM	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
APPLE	APPLE-SA-2009-05-12
DEBIAN	DSA-1801
FEDORA	FEDORA-2009-5273
FEDORA	FEDORA-2009-5275
GENTOO	GLSA-200905-08
HP	HPSBUX02859
HP	SSRT101144
MANDRIVA	MDVSA-2009:092
NETBSD	NetBSD-SA2009-006
REDHAT	RHSA-2009:1039
REDHAT	RHSA-2009:1040
REDHAT	RHSA-2009:1651
SLACKWARE	SSA:2009-154-01
SUSE	SUSE-SR:2009:011
UBUNTU	USN-777-1
CERT	TA09-133A
BID	34481
OSVDB	53593
OVAL	oval:org.mitre.oval:def:5411
OVAL	oval:org.mitre.oval:def:8386
OVAL	oval:org.mitre.oval:def:8665
OVAL	oval:org.mitre.oval:def:9634
OVAL	oval:org.mitre.oval:def:19392
SECTRACK	1022033
SECUNIA	34608
SECUNIA	35074
SECUNIA	35137
SECUNIA	35166
SECUNIA	35169
SECUNIA	35253
SECUNIA	35138
SECUNIA	35308
SECUNIA	35336
SECUNIA	35416
SECUNIA	35630
SECUNIA	37471
VUPEN	ADV-2009-0999
VUPEN	ADV-2009-1297
VUPEN	ADV-2009-3316
XF	ntp-cookedprint-bo(49838)