Bug 268962 (CVE-2009-1252) - <net-misc/ntp-4.2.4_p7 Stack-based buffer overflow (CVE-2009-1252)
Summary: <net-misc/ntp-4.2.4_p7 Stack-based buffer overflow (CVE-2009-1252)
Alias: CVE-2009-1252
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: C1 [glsa]
Depends on: CVE-2009-0159
Reported: 2009-05-07 19:12 UTC by Alex Legler (RETIRED)
Modified: 2009-05-26 16:09 UTC

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-07 19:12:14 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Will Dormann with CERT informed us about a vulnerability in ntp:

If autokey is enabled (the ntp.conf file contains the line
"crypto pw whatever") a remote attacker can send a carefully crafted
packet that can overflow a stack buffer and potentially allow for
malicious code to be executed with the privilege level of the ntpd
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-07 19:18:44 UTC
"The reporter has indicated that 4.2.4p7-RC5 currently contains the
fix, and that this version will be the same as the release version,
aside from the version number."

So we can do prestabling with RC5, maybe just call it 4.2.4_p7 with some SRC_URI hax until moving into gentoo-x86.

Please prepare and attach an ebuild. As usual, no commits to CVS, please.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-19 21:26:40 UTC
CVE-2009-1252 (
  Stack-based buffer overflow in the crypto_recv function in
  ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74,
  when OpenSSL and autokey are enabled, allows remote attackers to
  execute arbitrary code via a crafted packet containing an extension

Comment 3 SpanKY gentoo-dev 2009-05-19 23:09:52 UTC
ntp-4.2.4_p7 is now in the tree
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-25 17:28:03 UTC
GLSA draft filed.
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-26 16:09:48 UTC
GLSA 200905-08
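
An added example, not part of the bug report or of ntp itself: a small audit check that combines the two conditions named above, an affected version (per the CVE text in Comment 2) and an active `crypto` line in ntp.conf (per the description). The function names and the sample configuration are constructed for illustration, and the check assumes ntpd was built with OpenSSL.

```python
import re

# Fixed patch level per branch, from the CVE-2009-1252 text in Comment 2.
FIXED_PATCH = {(4, 2, 4): 7, (4, 2, 5): 74}

# Constructed sample ntp.conf for illustration (not taken from the bug).
SAMPLE_CONF = """\
server 0.pool.example.net
driftfile /var/lib/ntp/ntp.drift
#crypto pw commented-out
crypto pw whatever   # autokey enabled
"""

def parse_version(text):
    """Parse '4.2.4p6' or Gentoo-style '4.2.4_p7' into ((4, 2, 4), patch).
    A trailing -RCn suffix is not interpreted."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:_?p(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised ntp version: {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), int(m.group(4) or 0)

def version_is_vulnerable(text):
    """True for NTP before 4.2.4p7, and for 4.2.5 before 4.2.5p74."""
    base, patch = parse_version(text)
    if base < (4, 2, 4):
        return True
    if base > (4, 2, 5):
        return False
    return patch < FIXED_PATCH[base]

def autokey_lines(conf_text):
    """Return 1-based line numbers of active 'crypto' directives."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()  # drop comments
        if tokens and tokens[0] == "crypto":
            hits.append(number)
    return hits

def exposed(version, conf_text):
    """Both conditions from the report: affected version and autokey on.
    Assumes ntpd was built with OpenSSL; that is not checked here."""
    return version_is_vulnerable(version) and bool(autokey_lines(conf_text))

if __name__ == "__main__":
    for v in ("4.2.4p6", "4.2.4_p7", "4.2.5p73", "4.2.5p74"):
        print(v, "exposed" if exposed(v, SAMPLE_CONF) else "not exposed")
```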