ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service.
NTP (Network Time Protocol) is a method by which client machines can synchronize the local date and time with a reference server. ntpd, which is the NTP daemon, contains a stack buffer overflow when it is compiled with OpenSSL support. The vulnerability is caused by the use of sprintf() in the crypto_recv() function in ntpd/ntp_crypto.c. The vulnerable code is reachable if ntpd is configured to use autokey. This vulnerable configuration is indicated by a "crypto pw password" line in the ntp.conf file, where "password" is the password that has been configured.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the ntpd daemon.
Apply an update
This issue is addressed in ntp 4.2.4p7 and 4.2.5p74.
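To triage a host against the two conditions described above (an active "crypto pw password" line in ntp.conf and a release older than the fixed ones), the following added example, which is not part of the original advisory, checks both. The function names and the sample configuration are constructed; it assumes branches newer than 4.2.5 carry the fix and older ones do not, and it does not check whether ntpd was built with OpenSSL.

```python
import re

# Fixed patch level per release branch, as named in the advisory.
FIXED = {(4, 2, 4): 7, (4, 2, 5): 74}

def parse_version(text):
    """Extract (major, minor, point, patch) from e.g. 'ntpd 4.2.4p6@1.1520-o'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError("no ntp version found in %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def is_fixed(version_text):
    *branch, patch = parse_version(version_text)
    branch = tuple(branch)
    if branch in FIXED:
        return patch >= FIXED[branch]
    # Assumption: branches after 4.2.5 include the fix, earlier ones do not.
    return branch > max(FIXED)

def autokey_lines(conf_text):
    """Line numbers of active 'crypto ... pw <password>' directives.
    Only numbers are returned so the password never lands in a report."""
    hits = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # '#' starts a comment
        if tokens and tokens[0] == "crypto" and "pw" in tokens[1:-1]:
            hits.append(n)
    return hits

def assess(conf_text, version_text):
    lines = autokey_lines(conf_text)
    fixed = is_fixed(version_text)
    # Conservative: OpenSSL support is not checked, so autokey on an
    # unfixed release is reported as exposed.
    return {"fixed": fixed, "autokey_lines": lines,
            "exposed": bool(lines) and not fixed}

# Constructed sample ntp.conf (not taken from a real system).
SAMPLE_CONF = """\
# constructed sample
server ntp.example.net
#crypto pw oldsecret
crypto pw examplesecret   # autokey enabled
driftfile /var/lib/ntp/drift
"""

if __name__ == "__main__":
    print(assess(SAMPLE_CONF, "ntpd 4.2.4p6@1.1520-o"))
```
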
| Vendor | Status |
|---|---|
| Debian GNU/Linux | Affected |
| FreeBSD, Inc. | Affected |
| Gentoo Linux | Affected |
| Red Hat, Inc. | Affected |
| SUSE Linux | Affected |
| Cray Inc. | Not Affected |
| DragonFly BSD Project | Not Affected |
| Hewlett-Packard Company | Not Affected |
| Juniper Networks, Inc. | Not Affected |
| Microsoft Corporation | Not Affected |
| SafeNet | Not Affected |
| The SCO Group | Not Affected |
| Apple Computer, Inc. | Unknown |
| Conectiva Inc. | Unknown |
| EMC Corporation | Unknown |
| Engarde Secure Linux | Unknown |
| F5 Networks, Inc. | Unknown |
| Fedora Project | Unknown |
| IBM Corporation | Unknown |
| IBM Corporation (zseries) | Unknown |
| IBM eServer | Unknown |
| Ingrian Networks, Inc. | Unknown |
| Mandriva S. A. | Unknown |
| MontaVista Software, Inc. | Unknown |
| NEC Corporation | Unknown |
| Novell, Inc. | Unknown |
| Openwall GNU/*/Linux | Unknown |
| QNX, Software Systems, Inc. | Unknown |
| Silicon Graphics, Inc. | Unknown |
| Slackware Linux Inc. | Unknown |
| Sony Corporation | Unknown |
| Sun Microsystems, Inc. | Unknown |
| Wind River Systems, Inc. | Unknown |
| Group | Score | Vector |
|---|---|---|
| Temporal | 0 | E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND) |
| Environmental | 0 | CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND) |
This vulnerability was reported by Harlan Stenn of the NTP Forum at ISC (ntpforum.isc.org), who in turn credits Chris Ries of CMU.
This document was written by Will Dormann.
Date First Published: 2009-05-18
Date Last Updated: 2009-08-12 19:01 UTC