National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-0159)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-0159

Original release date:04/14/2009

Last revised:08/21/2010

Source: US-CERT/NIST

Overview

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA09-133A

Name: TA09-133A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA09-133A.html

External Source: CONFIRM

Name: https://support.ntp.org/bugs/show_bug.cgi?id=1144

Type: Patch Information

Hyperlink:https://support.ntp.org/bugs/show_bug.cgi?id=1144

External Source: BID

Name: 34481

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/34481

External Source: FEDORA

Name: FEDORA-2009-5275

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

External Source: FEDORA

Name: FEDORA-2009-5273

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html

External Source: REDHAT

Name: RHSA-2009:1651

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1651.html

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=490617

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=490617

External Source: XF

Name: ntp-cookedprint-bo(49838)

Hyperlink:http://xforce.iss.net/xforce/xfdb/49838

External Source: VUPEN

Name: ADV-2009-3316

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/3316

External Source: VUPEN

Name: ADV-2009-1297

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/1297

External Source: VUPEN

Name: ADV-2009-0999

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/0999

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2009-0016.html

External Source: UBUNTU

Name: USN-777-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-777-1

External Source: SECTRACK

Name: 1022033

Hyperlink:http://www.securitytracker.com/id?1022033

External Source: BUGTRAQ

Name: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded

External Source: MANDRIVA

Name: MDVSA-2009:092

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:092

External Source: GENTOO

Name: GLSA-200905-08

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml

External Source: DEBIAN

Name: DSA-1801

Hyperlink:http://www.debian.org/security/2009/dsa-1801

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3549

Hyperlink:http://support.apple.com/kb/HT3549

External Source: SLACKWARE

Name: SSA:2009-154-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238

External Source: SECUNIA

Name: 37471

Type: Advisory

Hyperlink:http://secunia.com/advisories/37471

External Source: SECUNIA

Name: 35630

Type: Advisory

Hyperlink:http://secunia.com/advisories/35630

External Source: SECUNIA

Name: 35416

Type: Advisory

Hyperlink:http://secunia.com/advisories/35416

External Source: SECUNIA

Name: 35336

Type: Advisory

Hyperlink:http://secunia.com/advisories/35336

External Source: SECUNIA

Name: 35308

Type: Advisory

Hyperlink:http://secunia.com/advisories/35308

External Source: SECUNIA

Name: 35253

Type: Advisory

Hyperlink:http://secunia.com/advisories/35253

External Source: SECUNIA

Name: 35169

Type: Advisory

Hyperlink:http://secunia.com/advisories/35169

External Source: SECUNIA

Name: 35166

Type: Advisory

Hyperlink:http://secunia.com/advisories/35166

External Source: SECUNIA

Name: 35138

Type: Advisory

Hyperlink:http://secunia.com/advisories/35138

External Source: SECUNIA

Name: 35137

Type: Advisory

Hyperlink:http://secunia.com/advisories/35137

External Source: SECUNIA

Name: 35074

Type: Advisory

Hyperlink:http://secunia.com/advisories/35074

External Source: SECUNIA

Name: 34608

Type: Advisory

Hyperlink:http://secunia.com/advisories/34608

External Source: REDHAT

Name: RHSA-2009:1040

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-1040.html

External Source: REDHAT

Name: RHSA-2009:1039

Hyperlink:http://rhn.redhat.com/errata/RHSA-2009-1039.html

External Source: OVAL

Name: oval:org.mitre.oval:def:9634

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9634

External Source: OVAL

Name: oval:org.mitre.oval:def:8665

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8665

External Source: OVAL

Name: oval:org.mitre.oval:def:8386

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8386

External Source: OVAL

Name: oval:org.mitre.oval:def:5411

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5411

External Source: OSVDB

Name: 53593

Hyperlink:http://osvdb.org/53593

External Source: CONFIRM

Name: http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565

Hyperlink:http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565

External Source: SUSE

Name: SUSE-SR:2009:011

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

External Source: APPLE

Name: APPLE-SA-2009-05-12

Hyperlink:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

External Source: CONFIRM

Name: http://bugs.pardus.org.tr/show_bug.cgi?id=9532

Hyperlink:http://bugs.pardus.org.tr/show_bug.cgi?id=9532

External Source: NETBSD

Name: NetBSD-SA2009-006

Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc

References to Check Content

Identifier:oval:org.mitre.oval:def:5411

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5411

Identifier:oval:org.mitre.oval:def:8386

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8386

Identifier:oval:org.mitre.oval:def:8665

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8665

Identifier:oval:org.mitre.oval:def:9634

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9634

Vulnerable software and versions

Configuration 1

* cpe:/a:ntp:ntp:4.2.4p4

* cpe:/a:ntp:ntp:4.2.4p3

* cpe:/a:ntp:ntp:4.2.4p2

* cpe:/a:ntp:ntp:4.2.4p1

* cpe:/a:ntp:ntp:4.2.2

* cpe:/a:ntp:ntp:4.2.0

* cpe:/a:ntp:ntp:4.2.4p5

* cpe:/a:ntp:ntp:4.2.4p6

* cpe:/a:ntp:ntp:4.2.4p0

* cpe:/a:ntp:ntp:4.2.4

* cpe:/a:ntp:ntp:4.2.2p1

* cpe:/a:ntp:ntp:4.2.2p2

* cpe:/a:ntp:ntp:4.2.2p3

* cpe:/a:ntp:ntp:4.2.2p4

* cpe:/a:ntp:ntp:4.1.2

* cpe:/a:ntp:ntp:4.0.72

* cpe:/a:ntp:ntp:4.0.73

* cpe:/a:ntp:ntp:4.0.90

* cpe:/a:ntp:ntp:4.0.91

* cpe:/a:ntp:ntp:4.0.92

* cpe:/a:ntp:ntp:4.0.93

* cpe:/a:ntp:ntp:4.0.94

* cpe:/a:ntp:ntp:4.0.95

* cpe:/a:ntp:ntp:4.0.96

* cpe:/a:ntp:ntp:4.0.97

* cpe:/a:ntp:ntp:4.0.98

* cpe:/a:ntp:ntp:4.0.99

* cpe:/a:ntp:ntp:4.1.0

* cpe:/a:ntp:ntp:4.2.4p7:rc1 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159