• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability

Bugtraq ID:	35017
Class:	Boundary Condition Error
CVE:	CVE-2009-1252
Remote:	Yes
Local:	No
Published:	May 18 2009 12:00AM
Updated:	Nov 21 2009 12:06AM
Credit:	This vulnerability was reported by Harland Stenn of isc.org, who in turn credits Chis Ries of CMU.
Vulnerable:	VMWare ESXi Server 4.0 VMWare ESXi Server 3.5 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current S.u.S.E. SUSE Linux Enterprise Server 9 S.u.S.E. SLE 11 S.u.S.E. SLE 10 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux Desktop 9 rPath rPath Linux 2 rPath rPath Linux 1 rPath Appliance Platform Linux Service 2 rPath Appliance Platform Linux Service 1 RedHat Fedora 9 0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux EUS 5.3.z server RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 Pardus Linux 2008 0 NTP NTPd 4.2.1 NTP NTPd 4.2 .0b NTP NTPd 4.2 .0a NTP NTPd 4.2 NTP NTPd 4.1 NTP NTPd 4.0 NTP NTPd 3.0 NTP NTP 4.2.4 p7-RC2 NTP NTP 4.2.4 p6 NTP NTP 4.2.4 p5 NetBSD NetBSD 4.0.1 NetBSD NetBSD 5.0 NetBSD NetBSD 4.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2009.1 x86_64 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux FreeBSD FreeBSD 7.2-STABLE FreeBSD FreeBSD 7.2-RELEASE-p1 FreeBSD FreeBSD 7.1-STABLE FreeBSD FreeBSD 7.1-RELEASE-p6 FreeBSD FreeBSD 6.4-RELEASE-p5 FreeBSD FreeBSD 6.4 -STABLE FreeBSD FreeBSD 6.3-RELEASE-p11 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 armel Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Voice Portal 5.0 Avaya Voice Portal 4.0 Avaya SIP Enablement Services 3.1.2 Avaya SIP Enablement Services 3.1.1 Avaya SIP Enablement Services 5.0 Avaya SIP Enablement Services 4.0 Avaya Session Manager 1.1 Avaya Proactive Contact 4.1 Avaya Proactive Contact 4.0 Avaya Message Networking 3.1 Avaya Intuity AUDIX LX 2.0 SP2 Avaya Intuity AUDIX LX 2.0 SP1 Avaya Intuity AUDIX LX 2.0 Avaya Communication Manager 4.0.3 SP1 Avaya Communication Manager 3.1.4 SP2 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Communication Manager 2.0.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 + Avaya Communication Manager Server S8700 Avaya Communication Manager 2.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 Avaya Communication Manager 2.2 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Communication Manager 2.1 Avaya AES 4.0
Not Vulnerable:	NTP NTP 4.2.5 p74 NTP NTP 4.2.4 p7