Vulnerability-Lookup

CVE-2009-1252 (GCVE-0-2009-1252)

Vulnerability from cvelistv5 – Published: 2009-05-19 19:00 – Updated: 2024-08-07 05:04

Summary

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://usn.ubuntu.com/777-1/	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/35137	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35166	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37470	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35388	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35243	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37471	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1801	vendor-advisoryx_refsource_DEBIAN
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/35308	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35253	third-party-advisoryx_refsource_SECUNIA
	https://support.ntp.org/bugs/show_bug.cgi?id=1151	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1022243	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/35138	third-party-advisoryx_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/35630	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	https://launchpad.net/bugs/cve/2009-1252	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://bugzilla.redhat.com/show_bug.cgi?id=499694	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/35017	vdb-entryx_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2009-1040.html	vendor-advisoryx_refsource_REDHAT
	http://security.freebsd.org/advisories/FreeBSD-SA…	vendor-advisoryx_refsource_FREEBSD
	http://secunia.com/advisories/35416	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/853097	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/35336	third-party-advisoryx_refsource_SECUNIA
	ftp://ftp.netbsd.org/pub/NetBSD/security/advisori…	vendor-advisoryx_refsource_NETBSD
	http://rhn.redhat.com/errata/RHSA-2009-1039.html	vendor-advisoryx_refsource_REDHAT
	http://www.vupen.com/english/advisories/2009/1361	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/35169	third-party-advisoryx_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-20090…	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-777-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/777-1/"
          },
          {
            "name": "35137",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35137"
          },
          {
            "name": "35166",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35166"
          },
          {
            "name": "37470",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37470"
          },
          {
            "name": "35388",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35388"
          },
          {
            "name": "35243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35243"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "DSA-1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1801"
          },
          {
            "name": "FEDORA-2009-5275",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
          },
          {
            "name": "35308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35308"
          },
          {
            "name": "35253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35253"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
          },
          {
            "name": "MDVSA-2009:117",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
          },
          {
            "name": "1022243",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022243"
          },
          {
            "name": "35138",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35138"
          },
          {
            "name": "SSA:2009-154-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
          },
          {
            "name": "FEDORA-2009-5273",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "FEDORA-2009-5674",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
          },
          {
            "name": "35630",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35630"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/cve/2009-1252"
          },
          {
            "name": "oval:org.mitre.oval:def:11231",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
          },
          {
            "name": "35017",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35017"
          },
          {
            "name": "RHSA-2009:1040",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
          },
          {
            "name": "FreeBSD-SA-09:11",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "name": "VU#853097",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/853097"
          },
          {
            "name": "35336",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35336"
          },
          {
            "name": "NetBSD-SA2009-006",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
          },
          {
            "name": "RHSA-2009:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
          },
          {
            "name": "ADV-2009-1361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1361"
          },
          {
            "name": "oval:org.mitre.oval:def:6307",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
          },
          {
            "name": "35169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35169"
          },
          {
            "name": "GLSA-200905-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-777-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/777-1/"
        },
        {
          "name": "35137",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35137"
        },
        {
          "name": "35166",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35166"
        },
        {
          "name": "37470",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37470"
        },
        {
          "name": "35388",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35388"
        },
        {
          "name": "35243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35243"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "name": "DSA-1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1801"
        },
        {
          "name": "FEDORA-2009-5275",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
        },
        {
          "name": "35308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35308"
        },
        {
          "name": "35253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35253"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
        },
        {
          "name": "MDVSA-2009:117",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
        },
        {
          "name": "1022243",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022243"
        },
        {
          "name": "35138",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35138"
        },
        {
          "name": "SSA:2009-154-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
        },
        {
          "name": "FEDORA-2009-5273",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "name": "FEDORA-2009-5674",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
        },
        {
          "name": "35630",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35630"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.net/bugs/cve/2009-1252"
        },
        {
          "name": "oval:org.mitre.oval:def:11231",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
        },
        {
          "name": "35017",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35017"
        },
        {
          "name": "RHSA-2009:1040",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
        },
        {
          "name": "FreeBSD-SA-09:11",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "name": "VU#853097",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/853097"
        },
        {
          "name": "35336",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35336"
        },
        {
          "name": "NetBSD-SA2009-006",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
        },
        {
          "name": "RHSA-2009:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
        },
        {
          "name": "ADV-2009-1361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1361"
        },
        {
          "name": "oval:org.mitre.oval:def:6307",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
        },
        {
          "name": "35169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35169"
        },
        {
          "name": "GLSA-200905-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-777-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/777-1/"
            },
            {
              "name": "35137",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35137"
            },
            {
              "name": "35166",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35166"
            },
            {
              "name": "37470",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37470"
            },
            {
              "name": "35388",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35388"
            },
            {
              "name": "35243",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35243"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "DSA-1801",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1801"
            },
            {
              "name": "FEDORA-2009-5275",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
            },
            {
              "name": "35308",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35308"
            },
            {
              "name": "35253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35253"
            },
            {
              "name": "https://support.ntp.org/bugs/show_bug.cgi?id=1151",
              "refsource": "CONFIRM",
              "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
            },
            {
              "name": "MDVSA-2009:117",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
            },
            {
              "name": "1022243",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022243"
            },
            {
              "name": "35138",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35138"
            },
            {
              "name": "SSA:2009-154-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
            },
            {
              "name": "FEDORA-2009-5273",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
            },
            {
              "name": "SUSE-SR:2009:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "FEDORA-2009-5674",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
            },
            {
              "name": "35630",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35630"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "https://launchpad.net/bugs/cve/2009-1252",
              "refsource": "MISC",
              "url": "https://launchpad.net/bugs/cve/2009-1252"
            },
            {
              "name": "oval:org.mitre.oval:def:11231",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=499694",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
            },
            {
              "name": "35017",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35017"
            },
            {
              "name": "RHSA-2009:1040",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
            },
            {
              "name": "FreeBSD-SA-09:11",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
            },
            {
              "name": "35416",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "name": "VU#853097",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/853097"
            },
            {
              "name": "35336",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35336"
            },
            {
              "name": "NetBSD-SA2009-006",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
            },
            {
              "name": "RHSA-2009:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
            },
            {
              "name": "ADV-2009-1361",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1361"
            },
            {
              "name": "oval:org.mitre.oval:def:6307",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
            },
            {
              "name": "35169",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35169"
            },
            {
              "name": "GLSA-200905-08",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1252",
    "datePublished": "2009-05-19T19:00:00.000Z",
    "dateReserved": "2009-04-07T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:04:49.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-513

Vulnerability from certfr_avis - Published: 2009-11-24 - Updated: 2009-11-24

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système vulnérable ou encore d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	ESXi	VMware ESXi 3.x ;
VMware	N/A	VMware vMA 4.x.
VMware	N/A	VMware ESX Server 4.x ;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	ESXi	VMware ESXi 4.x ;
VMware	vCenter Server	VMware vCenter Server 4.x ;
VMware	N/A	VMware VirtualCenter 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 20 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vMA 4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server 4.x ;",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2724"
    },
    {
      "name": "CVE-2009-0676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0676"
    },
    {
      "name": "CVE-2009-2721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2721"
    },
    {
      "name": "CVE-2008-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3143"
    },
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2406"
    },
    {
      "name": "CVE-2009-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1389"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
    },
    {
      "name": "CVE-2009-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1072"
    },
    {
      "name": "CVE-2008-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4307"
    },
    {
      "name": "CVE-2009-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
    },
    {
      "name": "CVE-2009-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2407"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2009-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2009-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0746"
    },
    {
      "name": "CVE-2009-2673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2673"
    },
    {
      "name": "CVE-2007-5966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5966"
    },
    {
      "name": "CVE-2009-2719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2719"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2009-1439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1439"
    },
    {
      "name": "CVE-2009-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0322"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
    },
    {
      "name": "CVE-2009-0748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0748"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2009-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0747"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
    },
    {
      "name": "CVE-2009-2672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2672"
    },
    {
      "name": "CVE-2009-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0675"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2009-2670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2670"
    },
    {
      "name": "CVE-2009-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
    },
    {
      "name": "CVE-2009-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1630"
    },
    {
      "name": "CVE-2009-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0269"
    },
    {
      "name": "CVE-2008-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3528"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2009-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1388"
    },
    {
      "name": "CVE-2009-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1192"
    },
    {
      "name": "CVE-2009-2720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2720"
    },
    {
      "name": "CVE-2009-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0834"
    },
    {
      "name": "CVE-2009-2671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2671"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2009-2675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2675"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0778"
    },
    {
      "name": "CVE-2009-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
    },
    {
      "name": "CVE-2009-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2723"
    },
    {
      "name": "CVE-2009-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
    },
    {
      "name": "CVE-2009-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2716"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2009-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2009-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0028"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2009-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1336"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-1633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1633"
    },
    {
      "name": "CVE-2009-2722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2722"
    },
    {
      "name": "CVE-2008-5700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5700"
    },
    {
      "name": "CVE-2009-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
    },
    {
      "name": "CVE-2009-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
    },
    {
      "name": "CVE-2009-2676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2676"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2009-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
    },
    {
      "name": "CVE-2009-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
    },
    {
      "name": "CVE-2009-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0787"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2009-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
    },
    {
      "name": "CVE-2009-2847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2847"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
    },
    {
      "name": "CVE-2009-2718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2718"
    },
    {
      "name": "CVE-2009-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0745"
    },
    {
      "name": "CVE-2009-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
    }
  ],
  "initial_release_date": "2009-11-24T00:00:00",
  "last_revision_date": "2009-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-513",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me vuln\u00e9rable ou encore d\u0027entraver son bon\nfonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 20 novembre 2009",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000070.html"
    }
  ]
}

CERTA-2009-AVI-195

Vulnerability from certfr_avis - Published: 2009-05-19 - Updated: 2009-06-11

Des vulnérabilités ont été identifiées dans le démon en charge de la maintenance et la synchronisation de l'heure ntpd. Elles peuvent être exploitées à distance par le biais de trames spécialement construites afin de perturber le service, voire d'exécuter du code arbitraire.

Description

Des vulnérabilités ont été identifiées dans le démon en charge de la maintenance et la synchronisation de l'heure ntpd.

l'une d'elles fonctionne lorsque l'authentification NTP est activée (support OpenSSL). Des requêtes spécialement construites peuvent être incorrectement manipulées par la fonction crypto_rcv() de ntpd/ntp_crypto.c lorsque l'option autokey est utilisée (cette option est visible dans le fichier de configuration ntp.conf avec la présence de la ligne contenant "crypto pw XXX") ;
des réponses provoquées par l'utilisation de la commande de diagnostic ntpq ne seraient pas correctement manipulées.

Ces vulnérabilités peuvent être exploitées à distance par le biais de trames spécialement construites afin de perturber le service, voire d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de ntp antérieures à 4.2.4p7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2009-1039 du 18 mai 2009	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2009:1040 du 18 mai 2009 :	-	other
Site officiel de téléchargement du projet ntp :	-	other
Note de vulnérabilité de l'US-CERT VU#853097 du 18 mai 2009 :	-	other
Bulletin de sécurité RedHat RHSA-2009:1039 du 18 mai 2009 :	-	other
Site présentant l'outil de diagnostic ntpq associé à ntpd :	-	other
Bulletin de sécurité FreeBSD SA-09:09.ntpd du 10 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions de ntp ant\u00e9rieures \u00e0 4.2.4p7.\u003c/P\u003e",
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le d\u00e9mon en charge de la\nmaintenance et la synchronisation de l\u0027heure ntpd.\n\n-   l\u0027une d\u0027elles fonctionne lorsque l\u0027authentification NTP est activ\u00e9e\n    (support OpenSSL). Des requ\u00eates sp\u00e9cialement construites peuvent\n    \u00eatre incorrectement manipul\u00e9es par la fonction crypto_rcv() de\n    ntpd/ntp_crypto.c lorsque l\u0027option autokey est utilis\u00e9e (cette\n    option est visible dans le fichier de configuration ntp.conf avec la\n    pr\u00e9sence de la ligne contenant \"crypto pw XXX\")\u00a0;\n-   des r\u00e9ponses provoqu\u00e9es par l\u0027utilisation de la commande de\n    diagnostic ntpq ne seraient pas correctement manipul\u00e9es.\n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es \u00e0 distance par le biais de\ntrames sp\u00e9cialement construites afin de perturber le service, voire\nd\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    }
  ],
  "initial_release_date": "2009-05-19T00:00:00",
  "last_revision_date": "2009-06-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2009:1040 du 18 mai 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
    },
    {
      "title": "Site officiel de t\u00e9l\u00e9chargement du projet ntp\u00a0:",
      "url": "http://www.ntp.org/downloads.html"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#853097 du 18 mai 2009    :",
      "url": "http://www.kb.cert.org/vuls/id/853097"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2009:1039 du 18 mai 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
    },
    {
      "title": "Site pr\u00e9sentant l\u0027outil de diagnostic ntpq associ\u00e9 \u00e0    ntpd\u00a0:",
      "url": "http://www.cis.undel.edu/~mills/ntp/html/ntpq.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-09:09.ntpd du 10 juin 2009    :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.ntpd.asc"
    }
  ],
  "reference": "CERTA-2009-AVI-195",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-19T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2009-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le d\u00e9mon en charge de la\nmaintenance et la synchronisation de l\u0027heure ntpd. Elles peuvent \u00eatre\nexploit\u00e9es \u00e0 distance par le biais de trames sp\u00e9cialement construites\nafin de perturber le service, voire d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans ntpd",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2009-1039 du 18 mai 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-292

Vulnerability from certfr_avis - Published: 2009-07-27 - Updated: 2010-03-26

Deux vulnérabilités découvertes dans la mise en œuvre du service NTP dans HP-UX permettent à un utilisateur malintentionné de provoquer un déni de service ou d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité de type débordement de mémoire est présente dans la fonction cookedprint(). Elle peut être exploitée au moyen d'un paquet spécialement construit afin de provoquer un déni de service ou d'exécuter du code arbitraire.

Une seconde vulnérabilité de type débordement de mémoire présente dans la fonction crypto_recv() peut être exploitée à distance au moyen d'un paquet spécialement construit envoyé au démon xntpd.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP-UX 11.x.

References

Title

Publication Time

Tags

Bulletin de sécurité HP #c01763606 du 21 juillet 2009	None	vendor-advisory
Avis de sécurité CERTA-2009-AVI-195 du 19 mai 2009 :	-	other
Bulletin de sécurité HP #c01961959 du 23 mars 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX 11.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire est pr\u00e9sente dans la\nfonction cookedprint(). Elle peut \u00eatre exploit\u00e9e au moyen d\u0027un paquet\nsp\u00e9cialement construit afin de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire.\n\nUne seconde vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire pr\u00e9sente dans\nla fonction crypto_recv() peut \u00eatre exploit\u00e9e \u00e0 distance au moyen d\u0027un\npaquet sp\u00e9cialement construit envoy\u00e9 au d\u00e9mon xntpd.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    }
  ],
  "initial_release_date": "2009-07-27T00:00:00",
  "last_revision_date": "2010-03-26T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTA-2009-AVI-195 du 19 mai 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-195/CERTA-2009-AVI-195.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c01961959 du 23 mars 2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document/.jsp?objectID=c01961959"
    }
  ],
  "reference": "CERTA-2009-AVI-292",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-07-27T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP #01961959.",
      "revision_date": "2010-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans la mise en \u0153uvre du service NTP\ndans HP-UX permettent \u00e0 un utilisateur malintentionn\u00e9 de provoquer un\nd\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c01763606 du 21 juillet 2009",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document/.jsp?objectID=c01763606"
    }
  ]
}

FKIE_CVE-2009-1252

Vulnerability from fkie_nvd - Published: 2009-05-19 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-1039.html	Patch
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-1040.html	Patch
cve@mitre.org	http://secunia.com/advisories/35137
cve@mitre.org	http://secunia.com/advisories/35138
cve@mitre.org	http://secunia.com/advisories/35166
cve@mitre.org	http://secunia.com/advisories/35169
cve@mitre.org	http://secunia.com/advisories/35243
cve@mitre.org	http://secunia.com/advisories/35253
cve@mitre.org	http://secunia.com/advisories/35308
cve@mitre.org	http://secunia.com/advisories/35336
cve@mitre.org	http://secunia.com/advisories/35388
cve@mitre.org	http://secunia.com/advisories/35416
cve@mitre.org	http://secunia.com/advisories/35630
cve@mitre.org	http://secunia.com/advisories/37470
cve@mitre.org	http://secunia.com/advisories/37471
cve@mitre.org	http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
cve@mitre.org	http://www.debian.org/security/2009/dsa-1801
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
cve@mitre.org	http://www.kb.cert.org/vuls/id/853097	US Government Resource
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
cve@mitre.org	http://www.securityfocus.com/archive/1/507985/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/35017
cve@mitre.org	http://www.securitytracker.com/id?1022243
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1361
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3316
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=499694	Patch
cve@mitre.org	https://launchpad.net/bugs/cve/2009-1252
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
cve@mitre.org	https://support.ntp.org/bugs/show_bug.cgi?id=1151
cve@mitre.org	https://usn.ubuntu.com/777-1/
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-1039.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-1040.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35137
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35138
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35166
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35169
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35243
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35253
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35308
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35336
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35388
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35416
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35630
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37470
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37471
af854a3a-2127-422b-91ae-364da2661108	http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1801
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/853097	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35017
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022243
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1361
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=499694	Patch
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.net/bugs/cve/2009-1252
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
af854a3a-2127-422b-91ae-364da2661108	https://support.ntp.org/bugs/show_bug.cgi?id=1151
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/777-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html

Impacted products

Vendor	Product	Version
ntp	ntp	4.2.4p0
ntp	ntp	4.2.4p1
ntp	ntp	4.2.4p2
ntp	ntp	4.2.4p3
ntp	ntp	4.2.4p4
ntp	ntp	4.2.4p5
ntp	ntp	4.2.4p6
ntp	ntp	4.2.5p0
ntp	ntp	4.2.5p1
ntp	ntp	4.2.5p2
ntp	ntp	4.2.5p3
ntp	ntp	4.2.5p4
ntp	ntp	4.2.5p5
ntp	ntp	4.2.5p6
ntp	ntp	4.2.5p7
ntp	ntp	4.2.5p8
ntp	ntp	4.2.5p9
ntp	ntp	4.2.5p10
ntp	ntp	4.2.5p11
ntp	ntp	4.2.5p12
ntp	ntp	4.2.5p13
ntp	ntp	4.2.5p14
ntp	ntp	4.2.5p15
ntp	ntp	4.2.5p16
ntp	ntp	4.2.5p17
ntp	ntp	4.2.5p18
ntp	ntp	4.2.5p19
ntp	ntp	4.2.5p20
ntp	ntp	4.2.5p21
ntp	ntp	4.2.5p23
ntp	ntp	4.2.5p24
ntp	ntp	4.2.5p25
ntp	ntp	4.2.5p26
ntp	ntp	4.2.5p27
ntp	ntp	4.2.5p28
ntp	ntp	4.2.5p29
ntp	ntp	4.2.5p30
ntp	ntp	4.2.5p31
ntp	ntp	4.2.5p32
ntp	ntp	4.2.5p33
ntp	ntp	4.2.5p35
ntp	ntp	4.2.5p36
ntp	ntp	4.2.5p37
ntp	ntp	4.2.5p38
ntp	ntp	4.2.5p39
ntp	ntp	4.2.5p40
ntp	ntp	4.2.5p41
ntp	ntp	4.2.5p42
ntp	ntp	4.2.5p43
ntp	ntp	4.2.5p44
ntp	ntp	4.2.5p45
ntp	ntp	4.2.5p46
ntp	ntp	4.2.5p47
ntp	ntp	4.2.5p48
ntp	ntp	4.2.5p49
ntp	ntp	4.2.5p50
ntp	ntp	4.2.5p51
ntp	ntp	4.2.5p52
ntp	ntp	4.2.5p53
ntp	ntp	4.2.5p54
ntp	ntp	4.2.5p55
ntp	ntp	4.2.5p56
ntp	ntp	4.2.5p57
ntp	ntp	4.2.5p58
ntp	ntp	4.2.5p59
ntp	ntp	4.2.5p60
ntp	ntp	4.2.5p61
ntp	ntp	4.2.5p62
ntp	ntp	4.2.5p63
ntp	ntp	4.2.5p64
ntp	ntp	4.2.5p65
ntp	ntp	4.2.5p66
ntp	ntp	4.2.5p67
ntp	ntp	4.2.5p68
ntp	ntp	4.2.5p69
ntp	ntp	4.2.5p70
ntp	ntp	4.2.5p71
ntp	ntp	4.2.5p73

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA843BCD-372A-42F5-A8C0-1AD32FA9E94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B980A178-2958-4B36-8AD8-3932B12C5A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D65210A-F80E-4019-91DA-49838369E03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29FAB224-3493-4273-A655-10BE44F5B5BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "093F0DD2-9E88-4138-AFF5-69105E7F2C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3590927-E242-411D-822A-33337D6B8A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "20FCD55C-D4A8-4544-81AF-C920B3B48A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p0:*:*:*:*:*:*:*",
              "matchCriteriaId": "881ED983-01B5-4A02-B671-8744EC0E1904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3897870-1724-4018-8F77-122548022535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7012720C-D4BD-40C5-8521-6859BE46DDDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8474ADA-F2A8-494D-BB6F-6EA4D4B865B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FFC396E-2E5C-4576-94D3-96C619523CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F55042-5CA1-453E-A786-A8B346C02BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C5930E-7792-4940-9EC3-CD5AE78D51B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "87004177-C6F2-4057-919D-20D91D01A8B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01570E4-447A-4F60-BD5C-40D201A464F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "440B4315-C7B3-4930-BD4D-B55BD3EEEE9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p10:*:*:*:*:*:*:*",
              "matchCriteriaId": "760050D5-5F8E-41CE-98DA-31E5BFB8A6C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p11:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E4FED4-A7F0-44C0-9405-1AB07D9B0079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78977FE3-FF1E-47CA-9B97-3E6EC18894B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p13:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E24A99-575E-42EB-9463-29021A33C914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB88D29-930C-4552-889D-4DBF23EC3760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EE5C4-594E-4004-A8BC-AD4D3608FF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p16:*:*:*:*:*:*:*",
              "matchCriteriaId": "16009504-A8ED-43E9-A7F9-E8E1628449BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A4A86DA-E8CB-44B5-9E7D-A69A149FAF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F918DA-D4F3-4016-861E-78A8A00F9FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p19:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD908ABD-5A18-436B-830B-7F252E22B3CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8152815-3510-4FE7-A8B9-51EB857D7262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C03D4FCB-A0CE-45EA-80FC-523F388E51A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p23:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CBFD14-8B03-4F0D-8B0F-670629334D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p24:*:*:*:*:*:*:*",
              "matchCriteriaId": "656E046B-C3F2-4DD5-B3C2-C60ACEBC808C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p25:*:*:*:*:*:*:*",
              "matchCriteriaId": "014A6026-C4B9-4E09-9170-059D1FD8D95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p26:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BAB21E-C818-492A-A537-EFDF57E412EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p27:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CACCD1-DF24-4226-A891-6FD7EBB0E57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p28:*:*:*:*:*:*:*",
              "matchCriteriaId": "824DE9A3-5ABF-4E9F-985D-0633893CAECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p29:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A27E0EA-38B8-49F0-818B-BB4CAA7EF7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347419F-6B7F-4BA6-B03C-3A52E5F7148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p31:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D73277-B636-4F50-88F0-A79278EB6AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4701E3A4-FE51-4A48-8ABB-67DFE815BBFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p33:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2E5F24-1242-4819-8787-4F2EB9E97C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p35:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD55122C-2983-4193-BC46-6269A348EC5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p36:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4199168-912C-4702-801C-A36394ED494B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p37:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D89067A-7F24-458A-AD6F-ADFB92C24F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p38:*:*:*:*:*:*:*",
              "matchCriteriaId": "362FDB7C-EA5E-480D-96FB-2BCEF7F4E64A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p39:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3E2B20-E6B7-47DB-8A02-CAAF6C2B1597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p40:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3B4EA-053B-4A25-88F8-A788F88488A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p41:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B31D93-005E-498A-8935-EC31DC104B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p42:*:*:*:*:*:*:*",
              "matchCriteriaId": "125D14D2-3443-46E6-AC58-967683604B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p43:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2969C79-0B8F-4759-9978-7432BA388ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p44:*:*:*:*:*:*:*",
              "matchCriteriaId": "485E789D-B602-477E-BD10-0054AEE98D69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p45:*:*:*:*:*:*:*",
              "matchCriteriaId": "83284150-1E06-45B0-BD75-7BE895EB99B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p46:*:*:*:*:*:*:*",
              "matchCriteriaId": "3298B973-D08A-44A6-AD60-0E18A9FF55AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p47:*:*:*:*:*:*:*",
              "matchCriteriaId": "06314717-CF64-4269-A049-F70396CA000A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p48:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF909823-66E7-49AE-9385-DCDA7CD5EB51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p49:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4FE8C8E-6051-4DB8-B03B-6EF211992545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p50:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FF094E-49CA-41BB-A568-2BA49D770270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p51:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0D9B6F-3838-40ED-9998-89E66EEA79EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p52:*:*:*:*:*:*:*",
              "matchCriteriaId": "8076E3B3-57DA-425A-9CBD-426ADE3735F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p53:*:*:*:*:*:*:*",
              "matchCriteriaId": "E66A89E0-B31A-4469-859C-6C323399A706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p54:*:*:*:*:*:*:*",
              "matchCriteriaId": "6813F72B-4D8B-4903-BCB7-5A0EDE288B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p55:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8F957C-632F-4E5D-82E3-B3DF6572C924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p56:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC1DBF1-C2EE-4241-A50F-40E837B84C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p57:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7826192-660B-49AC-B1B8-BD799712DF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p58:*:*:*:*:*:*:*",
              "matchCriteriaId": "3443D451-1845-4440-AFB8-D6432585CBF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p59:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C81B35-94C8-4881-B2FA-AF8214AAEBF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p60:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3BDB8B-21E7-45EB-B39A-8822B64196ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p61:*:*:*:*:*:*:*",
              "matchCriteriaId": "808929AC-EC57-49FF-9FCC-FE593743EE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p62:*:*:*:*:*:*:*",
              "matchCriteriaId": "28C8CE4D-6C53-490E-8223-A6A4EEEA2CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p63:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49B2C1E-5653-4DA9-96A1-8E84A0AAB95E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p64:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DCD5198-26B4-4334-8077-916EA21F0760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p65:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD533741-97B8-4726-A7C4-4B7D0723817E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p66:*:*:*:*:*:*:*",
              "matchCriteriaId": "0336E989-FB7F-49CC-9FC9-F10B5C6716CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p67:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD72509-2E02-4C18-8AB1-7FAB7016EB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p68:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD88BB1-C82A-4021-BEA3-40B23CA2A5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p69:*:*:*:*:*:*:*",
              "matchCriteriaId": "79740F38-3210-4AF2-80C7-692DA5C5E315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1FB0C1-3A68-41A3-9290-1CAA09042716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p71:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA193DE-E94C-4229-8FBC-1E35884F310B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p73:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76D8727-2324-4A2B-B73A-99E452FD07E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n crypto_recv en ntp_crypto.c en ntpd en NTP anteriores a v4.2.4p7 y v4.2.5 anterior a v4.2.5p74, cuando OpenSSL y autokey est\u00e1n activados, permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de paquetes manipulados que contienen un campo de extension."
    }
  ],
  "id": "CVE-2009-1252",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-19T19:30:00.670",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35138"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35166"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35169"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35243"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35253"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35388"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35630"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37470"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1801"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/853097"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35017"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022243"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1361"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://launchpad.net/bugs/cve/2009-1252"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/777-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/853097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/bugs/cve/2009-1252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/777-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X2P2-G54C-2JQG

Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-19T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.",
  "id": "GHSA-x2p2-g54c-2jqg",
  "modified": "2022-05-03T03:20:25Z",
  "published": "2022-05-03T03:20:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1252"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/cve/2009-1252"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
    },
    {
      "type": "WEB",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/777-1"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35137"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35138"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35166"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35169"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35243"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35253"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35308"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35336"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35388"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35630"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37470"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "type": "WEB",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1801"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/853097"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35017"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022243"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1361"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-1252

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1252

Aliases

CVE-2009-1252

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1252",
    "description": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.",
    "id": "GSD-2009-1252",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1252.html",
      "https://www.debian.org/security/2009/dsa-1801",
      "https://access.redhat.com/errata/RHSA-2009:1040",
      "https://access.redhat.com/errata/RHSA-2009:1039",
      "https://linux.oracle.com/cve/CVE-2009-1252.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1252"
      ],
      "details": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.",
      "id": "GSD-2009-1252",
      "modified": "2023-12-13T01:19:47.665342Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1252",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-777-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/777-1/"
          },
          {
            "name": "35137",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35137"
          },
          {
            "name": "35166",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35166"
          },
          {
            "name": "37470",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37470"
          },
          {
            "name": "35388",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35388"
          },
          {
            "name": "35243",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35243"
          },
          {
            "name": "37471",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "DSA-1801",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1801"
          },
          {
            "name": "FEDORA-2009-5275",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
          },
          {
            "name": "35308",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35308"
          },
          {
            "name": "35253",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35253"
          },
          {
            "name": "https://support.ntp.org/bugs/show_bug.cgi?id=1151",
            "refsource": "CONFIRM",
            "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
          },
          {
            "name": "MDVSA-2009:117",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
          },
          {
            "name": "1022243",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022243"
          },
          {
            "name": "35138",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35138"
          },
          {
            "name": "SSA:2009-154-01",
            "refsource": "SLACKWARE",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
          },
          {
            "name": "FEDORA-2009-5273",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
          },
          {
            "name": "SUSE-SR:2009:011",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "FEDORA-2009-5674",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
          },
          {
            "name": "35630",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35630"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "https://launchpad.net/bugs/cve/2009-1252",
            "refsource": "MISC",
            "url": "https://launchpad.net/bugs/cve/2009-1252"
          },
          {
            "name": "oval:org.mitre.oval:def:11231",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=499694",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
          },
          {
            "name": "35017",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35017"
          },
          {
            "name": "RHSA-2009:1040",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
          },
          {
            "name": "FreeBSD-SA-09:11",
            "refsource": "FREEBSD",
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
          },
          {
            "name": "35416",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "name": "VU#853097",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/853097"
          },
          {
            "name": "35336",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35336"
          },
          {
            "name": "NetBSD-SA2009-006",
            "refsource": "NETBSD",
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
          },
          {
            "name": "RHSA-2009:1039",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
          },
          {
            "name": "ADV-2009-1361",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1361"
          },
          {
            "name": "oval:org.mitre.oval:def:6307",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
          },
          {
            "name": "35169",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35169"
          },
          {
            "name": "GLSA-200905-08",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
          },
          {
            "name": "ADV-2009-3316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p62:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p64:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p71:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p66:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p67:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p68:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p61:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p69:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5p70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1252"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/bugs/cve/2009-1252",
              "refsource": "MISC",
              "tags": [],
              "url": "https://launchpad.net/bugs/cve/2009-1252"
            },
            {
              "name": "VU#853097",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/853097"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=499694",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
            },
            {
              "name": "RHSA-2009:1039",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
            },
            {
              "name": "RHSA-2009:1040",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
            },
            {
              "name": "https://support.ntp.org/bugs/show_bug.cgi?id=1151",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
            },
            {
              "name": "35017",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35017"
            },
            {
              "name": "35137",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35137"
            },
            {
              "name": "1022243",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022243"
            },
            {
              "name": "MDVSA-2009:117",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
            },
            {
              "name": "ADV-2009-1361",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1361"
            },
            {
              "name": "DSA-1801",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1801"
            },
            {
              "name": "35169",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35169"
            },
            {
              "name": "35166",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35166"
            },
            {
              "name": "GLSA-200905-08",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
            },
            {
              "name": "35253",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35253"
            },
            {
              "name": "35243",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35243"
            },
            {
              "name": "35138",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35138"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
            },
            {
              "name": "FEDORA-2009-5275",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
            },
            {
              "name": "FEDORA-2009-5273",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
            },
            {
              "name": "35308",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35308"
            },
            {
              "name": "SUSE-SR:2009:011",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "35336",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35336"
            },
            {
              "name": "SSA:2009-154-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
            },
            {
              "name": "FreeBSD-SA-09:11",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
            },
            {
              "name": "35416",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "name": "FEDORA-2009-5674",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
            },
            {
              "name": "35388",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35388"
            },
            {
              "name": "NetBSD-SA2009-006",
              "refsource": "NETBSD",
              "tags": [],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
            },
            {
              "name": "35630",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35630"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "37470",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37470"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "oval:org.mitre.oval:def:6307",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
            },
            {
              "name": "oval:org.mitre.oval:def:11231",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
            },
            {
              "name": "USN-777-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/777-1/"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:35Z",
      "publishedDate": "2009-05-19T19:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1252 (GCVE-0-2009-1252)

CERTA-2009-AVI-513

Description

Solution

CERTA-2009-AVI-195

Description

Solution

CERTA-2009-AVI-292

Description

Solution

FKIE_CVE-2009-1252

GHSA-X2P2-G54C-2JQG

GSD-2009-1252

Tags

Sightings

Nomenclature