[pkg-ntp-maintainers] Bug#525373: also CVE-2009-1252: remote arbitrary code execution in ntpd
Stefan Fritsch
sf at sfritsch.de
Fri Jun 5 18:37:34 UTC 2009
retitle 525373 ntp: multiple security issues
severity 525373 grave
thanks
CVE-2009-1252:
Stack-based buffer overflow in the crypto_recv function in
ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74,
when OpenSSL and autokey are enabled, allows remote attackers to
execute arbitrary code via a crafted packet containing an extension
field.
More information about the pkg-ntp-maintainers
mailing list