CVE-2009-0159

Опубликовано: 14 апр. 2009

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Ссылки

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
http://bugs.pardus.org.tr/show_bug.cgi?id=9532
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://marc.info/?l=bugtraq&m=136482797910018&w=2
http://marc.info/?l=bugtraq&m=136482797910018&w=2
http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565
http://osvdb.org/53593
http://rhn.redhat.com/errata/RHSA-2009-1039.html
http://rhn.redhat.com/errata/RHSA-2009-1040.html
http://secunia.com/advisories/34608
Vendor Advisory
http://secunia.com/advisories/35074
Vendor Advisory
http://secunia.com/advisories/35137
Vendor Advisory
http://secunia.com/advisories/35138
Vendor Advisory
http://secunia.com/advisories/35166
Vendor Advisory
http://secunia.com/advisories/35169
Vendor Advisory
http://secunia.com/advisories/35253
Vendor Advisory
http://secunia.com/advisories/35308
Vendor Advisory
http://secunia.com/advisories/35336
Vendor Advisory
http://secunia.com/advisories/35416
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ntp:ntp:*:rc1:*:*:*:*:*:*

Версия до 4.2.4p7 (включая)

cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.2p4:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13083

Средний

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2009-0159

ubuntu

около 16 лет назад

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

CVE-2009-0159

redhat

около 16 лет назад

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

CVE-2009-0159

debian

около 16 лет назад

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...

GHSA-wg77-pm57-j6rv

github

около 3 лет назад

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

ELSA-2009-1039

oracle-oval

около 16 лет назад

ELSA-2009-1039: ntp security update (IMPORTANT)

EPSS

Процентиль: 94%

0.13083

Средний

6.8 Medium

CVSS2

Дефекты

CWE-119