6.8

CVE-2009-0159

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Updaterc1 Version <= 4.2.4p7
NtpNtp Version4.0.72
NtpNtp Version4.0.73
NtpNtp Version4.0.90
NtpNtp Version4.0.91
NtpNtp Version4.0.92
NtpNtp Version4.0.93
NtpNtp Version4.0.94
NtpNtp Version4.0.95
NtpNtp Version4.0.96
NtpNtp Version4.0.97
NtpNtp Version4.0.98
NtpNtp Version4.0.99
NtpNtp Version4.1.0
NtpNtp Version4.1.2
NtpNtp Version4.2.0
NtpNtp Version4.2.2
NtpNtp Version4.2.2p1
NtpNtp Version4.2.2p2
NtpNtp Version4.2.2p3
NtpNtp Version4.2.2p4
NtpNtp Version4.2.4
NtpNtp Version4.2.4p0
NtpNtp Version4.2.4p1
NtpNtp Version4.2.4p2
NtpNtp Version4.2.4p3
NtpNtp Version4.2.4p4
NtpNtp Version4.2.4p5
NtpNtp Version4.2.4p6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.23% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
Vendor Advisory
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
Vendor Advisory
http://secunia.com/advisories/37471
Vendor Advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/35416
Vendor Advisory
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
http://bugs.pardus.org.tr/show_bug.cgi?id=9532
http://marc.info/?l=bugtraq&m=136482797910018&w=2
http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565
http://osvdb.org/53593
http://rhn.redhat.com/errata/RHSA-2009-1039.html
http://rhn.redhat.com/errata/RHSA-2009-1040.html
http://secunia.com/advisories/34608
Vendor Advisory
http://secunia.com/advisories/35137
Vendor Advisory
http://secunia.com/advisories/35138
Vendor Advisory
http://secunia.com/advisories/35166
Vendor Advisory
http://secunia.com/advisories/35169
Vendor Advisory
http://secunia.com/advisories/35253
Vendor Advisory
http://secunia.com/advisories/35308
Vendor Advisory
http://secunia.com/advisories/35336
Vendor Advisory
http://secunia.com/advisories/35630
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
http://www.debian.org/security/2009/dsa-1801
http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:092
http://www.securityfocus.com/bid/34481
Patch
http://www.securitytracker.com/id?1022033
http://www.vupen.com/english/advisories/2009/0999
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=490617
https://exchange.xforce.ibmcloud.com/vulnerabilities/49838
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634
https://rhn.redhat.com/errata/RHSA-2009-1651.html
https://support.ntp.org/bugs/show_bug.cgi?id=1144
Patch
https://usn.ubuntu.com/777-1/
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html