DSA-1801-1 ntp -- buffer overflowsID: oval:org.secpod.oval:def:600324 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0159 A buffer overflow in ntpq allow a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. CVE-2009-1252 A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled. For the old stable distribution , these problems have been fixed in version 4.2.2.p4+dfsg-2etch3. For the stable distribution , these problems have been fixed in version 4.2.4p4+dfsg-8lenny2. The unstable distribution will be fixed soon. We recommend that you upgrade your ntp package.
Platform: |
Debian 5.0 |
Debian 4.0 |