Launchpad.net

CVE 2009-0159

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Related bugs and status

CVE-2009-0159 (Candidate) is related to these bugs:

Bug #379482: Update ntpdate to fix vulnerabilities.

Summary				In	Importance	Status
	379482	Update ntpdate to fix vulnerabilities.		The Dell Mini Project	Undecided	Fix Released

Bug #517701: ntpd apparmor rule does not allow reading dhcp based config

Summary				In	Importance	Status
	517701	ntpd apparmor rule does not allow reading dhcp based config		ntp (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.pardus.org...
CONFIRM: https://support.ntp.or...
MANDRIVA: MDVSA-2009:092
BID: 34481
OSVDB: 53593
SECTRACK: 1022033
SECUNIA: 34608
VUPEN: ADV-2009-0999
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-05-12
CERT: TA09-133A
SECUNIA: 35074
VUPEN: ADV-2009-1297
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2009:1039
REDHAT: RHSA-2009:1040
DEBIAN: DSA-1801
SECUNIA: 35137
SECUNIA: 35166
SECUNIA: 35169
FEDORA: FEDORA-2009-5273
FEDORA: FEDORA-2009-5275
GENTOO: GLSA-200905-08
SECUNIA: 35253
SECUNIA: 35138
SECUNIA: 35308
SUSE: SUSE-SR:2009:011
SECUNIA: 35336
SECUNIA: 35416
NETBSD: NetBSD-SA2009-006
SECUNIA: 35630
CONFIRM: http://www.vmware.com/...
SECUNIA: 37471
VUPEN: ADV-2009-3316
REDHAT: RHSA-2009:1651
CONFIRM: http://ntp.bkbits.net:...
HP: HPSBUX02859
HP: SSRT101144
SLACKWARE: SSA:2009-154-01
XF: ntp-cookedprint-bo(49838)
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-777-1
BUGTRAQ: 20091120 VMSA-2009-001...