| Summary: | <net-misc/ntp-4.2.4_p7 Stack-based buffer overflow (CVE-2009-1252) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | base-system |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | C1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 263033 | | |
| Bug Blocks: | | | |

Description
Alex Legler (RETIRED)
2009-05-07 19:12:14 UTC
"The reporter has indicated that 4.2.4p7-RC5 currently contains the fix, and that this version will be the same as the release version, aside from the version number." So we can do prestabling with RC5, maybe just call it 4.2.4_p7 with some SRC_URI hax until moving into gentoo-x86. Please prepare and attach an ebuild. As usual, no commits to CVS, please. CVE-2009-1252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1252): Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. ntp-4.2.4_p7 is now in the tree GLSA draft filed. GLSA 200905-08 |