CVE-2009-0159 — Improper Restriction of Operations within the Bounds of a Memory Buffer in NTP

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow8 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

20.3%

top 4.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Debian NTP Vmware Esxi +4 more

Timeline

PublishedApr 14

Latest updateMay 3

Description

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

▶debiandebian/ntp< ntp 1:4.2.4p6+dfsg-2 (bullseye)

▶Debianntp/ntp< 1:4.2.4p6+dfsg-2

▶NVDntp/ntp4.2.4p7+28

▶vmwarevmware/esxi

▶vmwarevmware/vmware_tools

Patches

Patch: www.securityfocus.com ↗Patch: support.ntp.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wg77-pm57-j6rv: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq↗2022-05-03

▶

OSV

CVE-2009-0159: Stack-based buffer overflow in the cookedprint function in ntpq/ntpq↗2009-04-14

▶

📋Vendor Advisories

VMware

VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.↗2009-11-20

▶

Ubuntu

Ntp vulnerabilities↗2009-05-19

▶

Red Hat

ntp: buffer overflow in ntpq↗2009-04-09

▶

Debian

CVE-2009-0159: ntp - Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq i...↗2009

▶

💬Community

Bugzilla

CVE-2009-0159 ntp: buffer overflow in ntpq↗2009-03-17

▶