ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service.
NTP (Network Time Protocol) is a method by which client machines can synchronize the local date and time with a reference server. ntpd, which is the NTP daemon, contains a stack buffer overflow when it is compiled with OpenSSL support. The vulnerability is caused by the use of sprintf() in the crypto_recv() function in ntpd/ntp_crypto.c. The vulnerable code is reachable if ntpd is configured to use autokey. This vulnerable configuration is indicated by a crypto pw password line in the ntp.conf file, where password is the password that has been configured.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the ntpd daemon.
Apply an update
This issue is addressed in ntp 4.2.4p7 and 4.2.5p74.
This vulnerability was reported by Harlan Stenn of the NTP Forum at ISC ( ntpforum.isc.org ), who in turn credits Chris Ries of CMU.
|Date First Published:||2009-05-18|
|Date Last Updated:||2009-08-12 19:01 UTC|