6.8 - MDVSA-2009:092

Executive Summary

Informations
Name	MDVSA-2009:092	First vendor Publication	2009-04-13
Vendor	Mandriva	Last vendor Modification	2009-04-13
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been found and corrected in ntp:

Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution (CVE-2009-0159).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:092

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19392

Oval ID:	oval:org.mitre.oval:def:19392
Title:	HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
Description:	Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0159	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02927 HP-UX B.11.31 AND filesets tests NTP.INETSVCS2-BOOT version is less than C.4.2.6.0.0 AND NTP.NTP-AUX version is less than C.4.2.6.0.0 AND NTP.NTP-RUN version is less than C.4.2.6.0.0 OR Criteria meets HP Security Bulletin HPSBUX02758 HP-UX B.11.31 AND filesets tests Networking.NET-PRG is installed AND Networking.NET-RUN is installed AND OS-Core.SYS-ADMIN is installed AND ProgSupport.C-INC is installed AND Networking.NET-RUN-64 is installed AND Networking.NET2-KRN is installed AND Networking.NET2-RUN is installed AND Networking.NMS2-KRN is installed AND OS-Core.CORE2-KRN is installed AND OS-Core.SYS2-ADMIN is installed AND Networking.NET-RUN-64 is installed AND Networking.NET2-KRN is installed AND Networking.NET2-RUN is installed AND Networking.NMS2-KRN is installed AND OS-Core.CORE2-KRN is installed AND OS-Core.SYS2-ADMIN is installed AND NOT Patch PHNE_42470 is installed

Definition Id: oval:org.mitre.oval:def:5411

Oval ID:	oval:org.mitre.oval:def:5411
Title:	HP-UX Running XNTP, Remote Execution of Arbitrary Code
Description:	Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0159	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02437 HP Release B.11.23 AND InternetSrvcs.INETSVCS2-BOOT is installed AND NOT Patch PHNE_39872 is installed OR Criteria meets HP Security Bulletin HPSBUX02437 HP Release B.11.11 AND InternetSrvcs.INETSVCS-BOOT is installed AND NOT Patch PHNE_39871 is installed OR Criteria meets HP Security Bulletin HPSBUX02437 HP-UX B.11.31 AND NTP.NTP-RUN is installed AND NOT Patch PHNE_39873 is installed

Definition Id: oval:org.mitre.oval:def:8386

Oval ID:	oval:org.mitre.oval:def:8386
Title:	VMware ntpq stack-based buffer overflow vulnerability
Description:	Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0159	Version:	4
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-200911238-SG is not installed

Definition Id: oval:org.mitre.oval:def:8665

Oval ID:	oval:org.mitre.oval:def:8665
Title:	VMware ntpd stack-based buffer overflow vulnerability
Description:	Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0159	Version:	4
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-200911238-SG is not installed

Definition Id: oval:org.mitre.oval:def:9634

Oval ID:	oval:org.mitre.oval:def:9634
Title:	Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Description:	Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0159	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND ntp is earlier than 0:4.1.2-6.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND ntp is earlier than 0:4.2.0.a.20040617-8.el4_7.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND ntp is earlier than 0:4.2.2p1-9.el5_3.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ntp cpe:2.3:a:ntp:ntp:4.2.4p7:rc1:::::: cpe:2.3:a:ntp:ntp:4.2.4p6:::::::* cpe:2.3:a:ntp:ntp:4.2.4p5:::::::* cpe:2.3:a:ntp:ntp:4.2.4p4:::::::* cpe:2.3:a:ntp:ntp:4.2.4p3:::::::* cpe:2.3:a:ntp:ntp:4.2.4p2:::::::* cpe:2.3:a:ntp:ntp:4.2.4p1:::::::* cpe:2.3:a:ntp:ntp:4.2.4p0:::::::* cpe:2.3:a:ntp:ntp:4.2.4:p7:::::: cpe:2.3:a:ntp:ntp:4.2.4:p3:::::: cpe:2.3:a:ntp:ntp:4.2.4:p4:::::: cpe:2.3:a:ntp:ntp:4.2.4:p1:::::: cpe:2.3:a:ntp:ntp:4.2.4:p2:::::: cpe:2.3:a:ntp:ntp:4.2.4:::::::* cpe:2.3:a:ntp:ntp:4.2.4:p5:::::: cpe:2.3:a:ntp:ntp:4.2.4:p7_rc1:::::: cpe:2.3:a:ntp:ntp:4.2.4:p8:::::: cpe:2.3:a:ntp:ntp:4.2.4:p0:::::: cpe:2.3:a:ntp:ntp:4.2.4:p7_rc7:::::: cpe:2.3:a:ntp:ntp:4.2.4:p6:::::: cpe:2.3:a:ntp:ntp:4.2.4:p7_rc6:::::: cpe:2.3:a:ntp:ntp:4.2.4:p7_rc5:::::: cpe:2.3:a:ntp:ntp:4.2.4:p7_rc4:::::: cpe:2.3:a:ntp:ntp:4.2.4:p7_rc3:::::: cpe:2.3:a:ntp:ntp:4.2.4:p7_rc2:::::: cpe:2.3:a:ntp:ntp:4.2.2p4:::::::* cpe:2.3:a:ntp:ntp:4.2.2p3:::::::* cpe:2.3:a:ntp:ntp:4.2.2p2:::::::* cpe:2.3:a:ntp:ntp:4.2.2p1:::::::* cpe:2.3:a:ntp:ntp:4.2.2:p2:::::: cpe:2.3:a:ntp:ntp:4.2.2:p4:::::: cpe:2.3:a:ntp:ntp:4.2.2:p1:::::: cpe:2.3:a:ntp:ntp:4.2.2:p3:::::: cpe:2.3:a:ntp:ntp:4.2.2:::::::* cpe:2.3:a:ntp:ntp:4.2.0:::::::* cpe:2.3:a:ntp:ntp:4.1.2:::::::* cpe:2.3:a:ntp:ntp:4.1.0:::::::* cpe:2.3:a:ntp:ntp:4.0.99:::::::* cpe:2.3:a:ntp:ntp:4.0.98:::::::* cpe:2.3:a:ntp:ntp:4.0.97:::::::* cpe:2.3:a:ntp:ntp:4.0.96:::::::* cpe:2.3:a:ntp:ntp:4.0.95:::::::* cpe:2.3:a:ntp:ntp:4.0.94:::::::* cpe:2.3:a:ntp:ntp:4.0.93:::::::* cpe:2.3:a:ntp:ntp:4.0.92:::::::* cpe:2.3:a:ntp:ntp:4.0.91:::::::* cpe:2.3:a:ntp:ntp:4.0.90:::::::* cpe:2.3:a:ntp:ntp:4.0.73:::::::* cpe:2.3:a:ntp:ntp:4.0.72:::::::* cpe:2.3:a:ntp:ntp:::::::: cpe:2.3:a:ntp:ntp:-:::::::*	51

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for ntp CESA-2009:1651 centos3 i386 File : nvt/gb_CESA-2009_1651_ntp_centos3_i386.nasl
2011-08-09	Name : CentOS Update for ntp CESA-2009:1039 centos5 i386 File : nvt/gb_CESA-2009_1039_ntp_centos5_i386.nasl
2010-05-12	Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2009-12-14	Name : RedHat Security Advisory RHSA-2009:1651 File : nvt/RHSA_2009_1651.nasl
2009-12-14	Name : Fedora Core 10 FEDORA-2009-13121 (ntp) File : nvt/fcore_2009_13121.nasl
2009-12-14	Name : CentOS Security Advisory CESA-2009:1651 (ntp) File : nvt/ovcesa2009_1651.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:309 (ntp) File : nvt/mdksa_2009_309.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : SLES10: Security update for xntp File : nvt/sles10_xntp.nasl
2009-10-13	Name : Solaris Update for usr/sbin/ntpq 141396-01 File : nvt/gb_solaris_141396_01.nasl
2009-10-11	Name : SLES11: Security update for ntp File : nvt/sles11_ntp.nasl
2009-10-10	Name : SLES9: Security update for xntp File : nvt/sles9p5049935.nasl
2009-09-23	Name : Solaris Update for usr/sbin/ntpq 141397-01 File : nvt/gb_solaris_141397_01.nasl
2009-09-23	Name : Solaris Update for ntpq 141910-01 File : nvt/gb_solaris_141910_01.nasl
2009-09-23	Name : Solaris Update for ntpq 141911-01 File : nvt/gb_solaris_141911_01.nasl
2009-08-03	Name : HP-UX Update for XNTP HPSBUX02437 File : nvt/gb_hp_ux_HPSBUX02437.nasl
2009-07-29	Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl
2009-06-15	Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl
2009-06-05	Name : Gentoo Security Advisory GLSA 200905-08 (ntp) File : nvt/glsa_200905_08.nasl
2009-06-05	Name : Fedora Core 9 FEDORA-2009-5275 (ntp) File : nvt/fcore_2009_5275.nasl
2009-06-05	Name : Fedora Core 10 FEDORA-2009-5273 (ntp) File : nvt/fcore_2009_5273.nasl
2009-06-05	Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl
2009-06-05	Name : Ubuntu USN-777-1 (ntp) File : nvt/ubuntu_777_1.nasl
2009-05-25	Name : FreeBSD Ports: ntp File : nvt/freebsd_ntp.nasl
2009-05-25	Name : CentOS Security Advisory CESA-2009:1039 (ntp) File : nvt/ovcesa2009_1039.nasl
2009-05-25	Name : Debian Security Advisory DSA 1801-1 (ntp) File : nvt/deb_1801_1.nasl
2009-05-20	Name : RedHat Security Advisory RHSA-2009:1040 File : nvt/RHSA_2009_1040.nasl
2009-05-20	Name : RedHat Security Advisory RHSA-2009:1039 File : nvt/RHSA_2009_1039.nasl
2009-04-30	Name : NTP Stack Buffer Overflow Vulnerability File : nvt/secpod_ntp_bof_vuln.nasl
2009-04-15	Name : Mandrake Security Advisory MDVSA-2009:092 (ntp) File : nvt/mdksa_2009_092.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-154-01 ntp File : nvt/esoft_slk_ssa_2009_154_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
53593	NTP ntpq/ntpq.c cookedprint() Function Remote Overflow

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-05-21	IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS Severity : Category I - VMSKEY : V0060737

Nessus® Vulnerability Scanner

Date	Description
2016-03-03	Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2015-01-07	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0002.nasl - Type : ACT_GATHER_INFO
2015-01-07	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0011.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1040.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1039.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1040.nasl - Type : ACT_GATHER_INFO
2013-05-19	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_42470.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20091208_ntp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090518_ntp_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090518_ntp_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1039.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2009-12-04	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-309.nasl - Type : ACT_GATHER_INFO
2009-11-23	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12415.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xntp-6232.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ntp-090508.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_39871.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_39872.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_39873.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_ntp-090508.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_ntp-090508.nasl - Type : ACT_GATHER_INFO
2009-06-04	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-154-01.nasl - Type : ACT_GATHER_INFO
2009-06-01	Name : The remote Fedora host is missing a security update. File : fedora_2009-5275.nasl - Type : ACT_GATHER_INFO
2009-06-01	Name : The remote Fedora host is missing a security update. File : fedora_2009-5273.nasl - Type : ACT_GATHER_INFO
2009-05-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200905-08.nasl - Type : ACT_GATHER_INFO
2009-05-26	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4175c811f690489887c5755b3cf1bac6.nasl - Type : ACT_GATHER_INFO
2009-05-20	Name : The remote openSUSE host is missing a security update. File : suse_xntp-6231.nasl - Type : ACT_GATHER_INFO
2009-05-20	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-777-1.nasl - Type : ACT_GATHER_INFO
2009-05-20	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1801.nasl - Type : ACT_GATHER_INFO
2009-05-19	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1040.nasl - Type : ACT_GATHER_INFO
2009-05-19	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1039.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-092.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:40:11	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	5
CPE ID(s)	51
osvdb(s)	1
Openvas Exploit(s)	31
IAVM(s)	1
Nessus® Exploit(s)	38

	Related
6.8	CVE-2009-0159
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.8 - MDVSA-2009:092

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU