DSA-1801-1 ntp -- buffer overflows
|ID: oval:org.secpod.oval:def:600324||Date: (C)2011-05-13 (M)2017-10-04|
|Class: PATCH||Family: unix|
Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0159 A buffer overflow in ntpq allow a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. CVE-2009-1252 A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled. For the old stable distribution , these problems have been fixed in version 4.2.2.p4+dfsg-2etch3. For the stable distribution , these problems have been fixed in version 4.2.4p4+dfsg-8lenny2. The unstable distribution will be fixed soon. We recommend that you upgrade your ntp package.