
CERT Coordination Center

ntpd autokey stack buffer overflow

Vulnerability Note VU#853097

Original Release Date: 2009-05-18 | Last Revised: 2009-08-12

Overview

ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service.

Description

NTP (Network Time Protocol) is a method by which client machines can synchronize the local date and time with a reference server. ntpd, which is the NTP daemon, contains a stack buffer overflow when it is compiled with OpenSSL support. The vulnerability is caused by the use of sprintf() in the crypto_recv() function in ntpd/ntp_crypto.c. The vulnerable code is reachable if ntpd is configured to use autokey. This vulnerable configuration is indicated by a crypto pw password line in the ntp.conf file, where password is the password that has been configured.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the ntpd daemon.

Solution

Apply an update

This issue is addressed in ntp 4.2.4p7 and 4.2.5p74.


Disable autokey

This vulnerability can be mitigated by removing the crypto pw password line from the ntp.conf file.
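The script below is an added example, not part of the original note and not NTP project code. It checks a configuration file for the crypto pw line described above and compares a version string with the two fixed releases. The function names, the sample file and the assumption that other crypto options may precede pw on the same line are illustrative.

```shell
#!/bin/sh
# Added example: check an ntp.conf and an ntpd version string against VU#853097.
# It cannot tell whether ntpd was built with OpenSSL; verify that separately.

# Print (with line numbers) uncommented "crypto" lines that set "pw".
# Assumption: other crypto options may appear before "pw" on the line.
# Returns 0 if such a line exists (autokey configured), 1 otherwise.
autokey_lines() {
    awk '{
        sub(/#.*/, "")                  # ignore comments
        if ($1 != "crypto") next
        for (i = 2; i <= NF; i++)
            if ($i == "pw") { print NR ": " $0; found = 1; break }
    }
    END { exit(found ? 0 : 1) }' "$1"
}

# Classify a version such as "4.2.4p6" against the fixed releases named in
# the note (4.2.4p7 and 4.2.5p74). Prints: fixed, predates-fix or unknown.
version_status() {
    branch=${1%%p*}                     # "4.2.4p6" -> "4.2.4"
    patch=${1#*p}                       # "4.2.4p6" -> "6"
    case $1 in *p*) ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}             # drop any non-digit suffix
    case $branch in
        4.2.4) fixed=7 ;;
        4.2.5) fixed=74 ;;
        *) echo unknown; return ;;      # branch not covered by the note
    esac
    if [ "${patch:-0}" -ge "$fixed" ]; then echo fixed; else echo predates-fix; fi
}

# Constructed sample configuration (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server 192.0.2.10
# crypto pw oldsecret
crypto pw examplepassword
EOF
echo "autokey lines in sample:"
autokey_lines "$sample"
echo "4.2.4p6 -> $(version_status 4.2.4p6)"
rm -f "$sample"
```

On a real host, pass the path of the installed ntp.conf to autokey_lines and the version reported by the installed ntpd to version_status.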

Vendor Information



CVSS Metrics

Group Score Vector
Base 0 AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal 0 E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)
Environmental 0 CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)

References

Acknowledgements

This vulnerability was reported by Harlan Stenn of the NTP Forum at ISC (ntpforum.isc.org), who in turn credits Chris Ries of CMU.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2009-1252
Severity Metric: 9.45
Date Public: 2009-05-18
Date First Published: 2009-05-18
Date Last Updated: 2009-08-12 19:01 UTC
Document Revision: 31

Sponsored by CISA.