FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1252

This CVE name corresponds to:

Entered Topic
2009-05-20 ntp -- stack-based buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-1252
Phase Assigned (20090407)

Description

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

References

Source Reference
BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
MISC https://launchpad.net/bugs/cve/2009-1252
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=499694
CONFIRM https://support.ntp.org/bugs/show_bug.cgi?id=1151
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
DEBIAN DSA-1801
FEDORA FEDORA-2009-5273
FEDORA FEDORA-2009-5275
FEDORA FEDORA-2009-5674
FREEBSD FreeBSD-SA-09:11
GENTOO GLSA-200905-08
MANDRIVA MDVSA-2009:117
NETBSD NetBSD-SA2009-006
REDHAT RHSA-2009:1039
REDHAT RHSA-2009:1040
SLACKWARE SSA:2009-154-01
SUSE SUSE-SR:2009:011
UBUNTU USN-777-1
CERT-VN VU#853097
BID 35017
OVAL oval:org.mitre.oval:def:11231
OVAL oval:org.mitre.oval:def:6307
SECTRACK 1022243
SECUNIA 35137
SECUNIA 35166
SECUNIA 35169
SECUNIA 35243
SECUNIA 35253
SECUNIA 35138
SECUNIA 35308
SECUNIA 35336
SECUNIA 35416
SECUNIA 35388
SECUNIA 35630
SECUNIA 37470
SECUNIA 37471
VUPEN ADV-2009-1361
VUPEN ADV-2009-3316