Executive Summary

Summary
Title HP-UX Running XNTP, Remote Execution of Arbitrary Code
Informations
Name HPSBUX02437 SSRT090038 First vendor Publication 2009-07-21
Vendor HP Last vendor Modification 2009-08-11
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to execute arbitrary code.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01763606

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11231
 
Oval ID: oval:org.mitre.oval:def:11231
Title: Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
Description: Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1252
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13106
 
Oval ID: oval:org.mitre.oval:def:13106
Title: USN-777-1 -- ntp vulnerabilities
Description: A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possible execute arbitrary code
Family: unix Class: patch
Reference(s): USN-777-1
CVE-2009-0159
CVE-2009-1252
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13464
 
Oval ID: oval:org.mitre.oval:def:13464
Title: DSA-1801-1 ntp -- buffer overflows
Description: Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0159 A buffer overflow in ntpq allow a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. CVE-2009-1252 A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled. For the old stable distribution, these problems have been fixed in version 4.2.2.p4+dfsg-2etch3. For the stable distribution, these problems have been fixed in version 4.2.4p4+dfsg-8lenny2. The unstable distribution will be fixed soon. We recommend that you upgrade your ntp package.
Family: unix Class: patch
Reference(s): DSA-1801-1
CVE-2009-0159
CVE-2009-1252
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19392
 
Oval ID: oval:org.mitre.oval:def:19392
Title: HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
Description: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0159
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22874
 
Oval ID: oval:org.mitre.oval:def:22874
Title: ELSA-2009:1039: ntp security update (Important)
Description: Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
Family: unix Class: patch
Reference(s): ELSA-2009:1039-01
CVE-2009-0159
CVE-2009-1252
Version: 13
Platform(s): Oracle Linux 5
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29463
 
Oval ID: oval:org.mitre.oval:def:29463
Title: RHSA-2009:1039 -- ntp security update (Important)
Description: An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1039
CESA-2009:1039-CentOS 5
CVE-2009-0159
CVE-2009-1252
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5411
 
Oval ID: oval:org.mitre.oval:def:5411
Title: HP-UX Running XNTP, Remote Execution of Arbitrary Code
Description: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0159
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6307
 
Oval ID: oval:org.mitre.oval:def:6307
Title: HP-UX Running XNTP, Remote Execution of Arbitrary Code
Description: Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1252
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8042
 
Oval ID: oval:org.mitre.oval:def:8042
Title: DSA-1801 ntp -- buffer overflows
Description: Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow in ntpq allow a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled.
Family: unix Class: patch
Reference(s): DSA-1801
CVE-2009-0159
CVE-2009-1252
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8386
 
Oval ID: oval:org.mitre.oval:def:8386
Title: VMware ntpq stack-based buffer overflow vulnerability
Description: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0159
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8665
 
Oval ID: oval:org.mitre.oval:def:8665
Title: VMware ntpd stack-based buffer overflow vulnerability
Description: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0159
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9634
 
Oval ID: oval:org.mitre.oval:def:9634
Title: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Description: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0159
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 122

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for ntp CESA-2009:1651 centos3 i386
File : nvt/gb_CESA-2009_1651_ntp_centos3_i386.nasl
2011-08-09 Name : CentOS Update for ntp CESA-2009:1039 centos5 i386
File : nvt/gb_CESA-2009_1039_ntp_centos5_i386.nasl
2010-05-12 Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2009-12-14 Name : RedHat Security Advisory RHSA-2009:1651
File : nvt/RHSA_2009_1651.nasl
2009-12-14 Name : Fedora Core 11 FEDORA-2009-13090 (ntp)
File : nvt/fcore_2009_13090.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-13121 (ntp)
File : nvt/fcore_2009_13121.nasl
2009-12-14 Name : CentOS Security Advisory CESA-2009:1651 (ntp)
File : nvt/ovcesa2009_1651.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:309 (ntp)
File : nvt/mdksa_2009_309.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : Solaris Update for usr/sbin/ntpq 141396-01
File : nvt/gb_solaris_141396_01.nasl
2009-10-13 Name : SLES10: Security update for xntp
File : nvt/sles10_xntp.nasl
2009-10-11 Name : SLES11: Security update for ntp
File : nvt/sles11_ntp.nasl
2009-10-10 Name : SLES9: Security update for xntp
File : nvt/sles9p5049935.nasl
2009-09-23 Name : Solaris Update for ntpq 141911-01
File : nvt/gb_solaris_141911_01.nasl
2009-09-23 Name : Solaris Update for usr/sbin/ntpq 141397-01
File : nvt/gb_solaris_141397_01.nasl
2009-09-23 Name : Solaris Update for ntpq 141910-01
File : nvt/gb_solaris_141910_01.nasl
2009-08-03 Name : HP-UX Update for XNTP HPSBUX02437
File : nvt/gb_hp_ux_HPSBUX02437.nasl
2009-07-29 Name : Ubuntu USN-805-1 (ruby1.9)
File : nvt/ubuntu_805_1.nasl
2009-06-23 Name : Fedora Core 11 FEDORA-2009-5674 (ntp)
File : nvt/fcore_2009_5674.nasl
2009-06-15 Name : FreeBSD Security Advisory (FreeBSD-SA-09:11.ntpd.asc)
File : nvt/freebsdsa_ntpd1.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-05 Name : Gentoo Security Advisory GLSA 200905-08 (ntp)
File : nvt/glsa_200905_08.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:117 (ntp)
File : nvt/mdksa_2009_117.nasl
2009-06-05 Name : Fedora Core 9 FEDORA-2009-5275 (ntp)
File : nvt/fcore_2009_5275.nasl
2009-06-05 Name : Fedora Core 10 FEDORA-2009-5273 (ntp)
File : nvt/fcore_2009_5273.nasl
2009-06-05 Name : Ubuntu USN-777-1 (ntp)
File : nvt/ubuntu_777_1.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-05-25 Name : FreeBSD Ports: ntp
File : nvt/freebsd_ntp.nasl
2009-05-25 Name : CentOS Security Advisory CESA-2009:1039 (ntp)
File : nvt/ovcesa2009_1039.nasl
2009-05-25 Name : Debian Security Advisory DSA 1801-1 (ntp)
File : nvt/deb_1801_1.nasl
2009-05-22 Name : NTP 'ntpd' Autokey Stack Overflow Vulnerability
File : nvt/secpod_ntp_bof_vuln_may09.nasl
2009-05-20 Name : RedHat Security Advisory RHSA-2009:1039
File : nvt/RHSA_2009_1039.nasl
2009-05-20 Name : RedHat Security Advisory RHSA-2009:1040
File : nvt/RHSA_2009_1040.nasl
2009-04-30 Name : NTP Stack Buffer Overflow Vulnerability
File : nvt/secpod_ntp_bof_vuln.nasl
2009-04-15 Name : Mandrake Security Advisory MDVSA-2009:092 (ntp)
File : nvt/mdksa_2009_092.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-154-01 ntp
File : nvt/esoft_slk_ssa_2009_154_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54576 NTP ntpd/ntp_crypto.c crypto_recv() Function Remote Overflow

53593 NTP ntpq/ntpq.c cookedprint() Function Remote Overflow

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-05-21 IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS
Severity : Category I - VMSKEY : V0060737

Snort® IPS/IDS

Date Description
2014-01-10 Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt
RuleID : 15514 - Revision : 11 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2015-01-07 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0002.nasl - Type : ACT_GATHER_INFO
2015-01-07 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2009-0011.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1039.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1040.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1040.nasl - Type : ACT_GATHER_INFO
2013-05-19 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_42470.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20091208_ntp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090518_ntp_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090518_ntp_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1039.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-309.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ntp-090508.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xntp-6232.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12415.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_39873.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_39872.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_39871.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_ntp-090508.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_ntp-090508.nasl - Type : ACT_GATHER_INFO
2009-06-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5674.nasl - Type : ACT_GATHER_INFO
2009-06-04 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-154-01.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5273.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5275.nasl - Type : ACT_GATHER_INFO
2009-05-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200905-08.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4175c811f690489887c5755b3cf1bac6.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_xntp-6231.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote NTP server is affected by a remote code execution vulnerability.
File : ntpd_autokey_overflow.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-777-1.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-117.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1801.nasl - Type : ACT_GATHER_INFO
2009-05-19 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1040.nasl - Type : ACT_GATHER_INFO
2009-05-19 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1039.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-092.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:38:32
  • Multiple Updates