National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2009-0159 Detail

Description

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Source:  MITRE      Last Modified:  04/14/2009

Quick Info

CVE Dictionary Entry:
CVE-2009-0159
Original release date:
04/14/2009
Last revised:
09/28/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
6.8 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc External Source NETBSD NetBSD-SA2009-006
http://bugs.pardus.org.tr/show_bug.cgi?id=9532 External Source CONFIRM http://bugs.pardus.org.tr/show_bug.cgi?id=9532
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html External Source APPLE APPLE-SA-2009-05-12
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html External Source SUSE SUSE-SR:2009:011
http://marc.info/?l=bugtraq&m=136482797910018&w=2 External Source HP HPSBUX02859
http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565 External Source CONFIRM http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565
http://rhn.redhat.com/errata/RHSA-2009-1039.html External Source REDHAT RHSA-2009:1039
http://rhn.redhat.com/errata/RHSA-2009-1040.html External Source REDHAT RHSA-2009:1040
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238 External Source SLACKWARE SSA:2009-154-01
http://support.apple.com/kb/HT3549 External Source CONFIRM http://support.apple.com/kb/HT3549
http://www.debian.org/security/2009/dsa-1801 External Source DEBIAN DSA-1801
http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml External Source GENTOO GLSA-200905-08
http://www.mandriva.com/security/advisories?name=MDVSA-2009:092 External Source MANDRIVA MDVSA-2009:092
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded External Source BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/bid/34481 Patch External Source BID 34481
http://www.securitytracker.com/id?1022033 External Source SECTRACK 1022033
http://www.ubuntulinux.org/support/documentation/usn/usn-777-1 External Source UBUNTU USN-777-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html US Government Resource External Source CERT TA09-133A
http://www.vmware.com/security/advisories/VMSA-2009-0016.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/0999 Vendor Advisory External Source VUPEN ADV-2009-0999
http://www.vupen.com/english/advisories/2009/1297 Vendor Advisory External Source VUPEN ADV-2009-1297
http://www.vupen.com/english/advisories/2009/3316 Vendor Advisory External Source VUPEN ADV-2009-3316
https://bugzilla.redhat.com/show_bug.cgi?id=490617 External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=490617
https://exchange.xforce.ibmcloud.com/vulnerabilities/49838 External Source XF ntp-cookedprint-bo(49838)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392 External Source OVAL oval:org.mitre.oval:def:19392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411 External Source OVAL oval:org.mitre.oval:def:5411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386 External Source OVAL oval:org.mitre.oval:def:8386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665 External Source OVAL oval:org.mitre.oval:def:8665
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634 External Source OVAL oval:org.mitre.oval:def:9634
https://rhn.redhat.com/errata/RHSA-2009-1651.html External Source REDHAT RHSA-2009:1651
https://support.ntp.org/bugs/show_bug.cgi?id=1144 Patch External Source CONFIRM https://support.ntp.org/bugs/show_bug.cgi?id=1144
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html External Source FEDORA FEDORA-2009-5273
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html External Source FEDORA FEDORA-2009-5275

References to Check Content

Identifier:
oval:org.mitre.oval:def:5411
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5411
Identifier:
oval:org.mitre.oval:def:8386
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8386
Identifier:
oval:org.mitre.oval:def:8665
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8665
Identifier:
oval:org.mitre.oval:def:9634
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9634

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes