CVE-2009-0159
Published: 14 April 2009
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Notes
Author | Note |
---|---|
kees | user-side (ntpq), 2 bytes, stack-only. |
Priority
Status
Package | Release | Status |
---|---|---|
ntp Launchpad, Ubuntu, Debian |
dapper |
Released
(1:4.2.0a+stable-8.1ubuntu6.2)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1:4.2.4p4+dfsg-3ubuntu2.2)
|
|
intrepid |
Released
(1:4.2.4p4+dfsg-6ubuntu2.3)
|
|
jaunty |
Released
(1:4.2.4p4+dfsg-7ubuntu5.1)
|
|
upstream |
Released
(4.2.4p7-RC2)
|
|
Patches: upstream: https://support.ntp.org/bugs/show_bug.cgi?id=1144 |