FKIE_CVE-2009-1252

Vulnerability from fkie_nvd - Published: 2009-05-19 19:30 - Updated: 2026-04-23 00:35
Severity
6.8 (MEDIUM), CVSS v2.0 vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
References
cve@mitre.org ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2009-1039.html Patch
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2009-1040.html Patch
cve@mitre.org http://secunia.com/advisories/35137
cve@mitre.org http://secunia.com/advisories/35138
cve@mitre.org http://secunia.com/advisories/35166
cve@mitre.org http://secunia.com/advisories/35169
cve@mitre.org http://secunia.com/advisories/35243
cve@mitre.org http://secunia.com/advisories/35253
cve@mitre.org http://secunia.com/advisories/35308
cve@mitre.org http://secunia.com/advisories/35336
cve@mitre.org http://secunia.com/advisories/35388
cve@mitre.org http://secunia.com/advisories/35416
cve@mitre.org http://secunia.com/advisories/35630
cve@mitre.org http://secunia.com/advisories/37470
cve@mitre.org http://secunia.com/advisories/37471
cve@mitre.org http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
cve@mitre.org http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
cve@mitre.org http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
cve@mitre.org http://www.debian.org/security/2009/dsa-1801
cve@mitre.org http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
cve@mitre.org http://www.kb.cert.org/vuls/id/853097 US Government Resource
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
cve@mitre.org http://www.securityfocus.com/archive/1/507985/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/35017
cve@mitre.org http://www.securitytracker.com/id?1022243
cve@mitre.org http://www.vmware.com/security/advisories/VMSA-2009-0016.html
cve@mitre.org http://www.vupen.com/english/advisories/2009/1361
cve@mitre.org http://www.vupen.com/english/advisories/2009/3316
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=499694 Patch
cve@mitre.org https://launchpad.net/bugs/cve/2009-1252
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
cve@mitre.org https://support.ntp.org/bugs/show_bug.cgi?id=1151
cve@mitre.org https://usn.ubuntu.com/777-1/
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2009-1039.html Patch
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2009-1040.html Patch
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35137
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35138
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35166
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35169
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35243
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35253
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35308
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35336
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35388
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35416
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35630
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37470
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37471
af854a3a-2127-422b-91ae-364da2661108 http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
af854a3a-2127-422b-91ae-364da2661108 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1801
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/853097 US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/35017
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1022243
af854a3a-2127-422b-91ae-364da2661108 http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/1361
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=499694 Patch
af854a3a-2127-422b-91ae-364da2661108 https://launchpad.net/bugs/cve/2009-1252
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
af854a3a-2127-422b-91ae-364da2661108 https://support.ntp.org/bugs/show_bug.cgi?id=1151
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/777-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
Impacted products
Vendor Product Version
ntp ntp 4.2.4p0
ntp ntp 4.2.4p1
ntp ntp 4.2.4p2
ntp ntp 4.2.4p3
ntp ntp 4.2.4p4
ntp ntp 4.2.4p5
ntp ntp 4.2.4p6
ntp ntp 4.2.5p0
ntp ntp 4.2.5p1
ntp ntp 4.2.5p2
ntp ntp 4.2.5p3
ntp ntp 4.2.5p4
ntp ntp 4.2.5p5
ntp ntp 4.2.5p6
ntp ntp 4.2.5p7
ntp ntp 4.2.5p8
ntp ntp 4.2.5p9
ntp ntp 4.2.5p10
ntp ntp 4.2.5p11
ntp ntp 4.2.5p12
ntp ntp 4.2.5p13
ntp ntp 4.2.5p14
ntp ntp 4.2.5p15
ntp ntp 4.2.5p16
ntp ntp 4.2.5p17
ntp ntp 4.2.5p18
ntp ntp 4.2.5p19
ntp ntp 4.2.5p20
ntp ntp 4.2.5p21
ntp ntp 4.2.5p23
ntp ntp 4.2.5p24
ntp ntp 4.2.5p25
ntp ntp 4.2.5p26
ntp ntp 4.2.5p27
ntp ntp 4.2.5p28
ntp ntp 4.2.5p29
ntp ntp 4.2.5p30
ntp ntp 4.2.5p31
ntp ntp 4.2.5p32
ntp ntp 4.2.5p33
ntp ntp 4.2.5p35
ntp ntp 4.2.5p36
ntp ntp 4.2.5p37
ntp ntp 4.2.5p38
ntp ntp 4.2.5p39
ntp ntp 4.2.5p40
ntp ntp 4.2.5p41
ntp ntp 4.2.5p42
ntp ntp 4.2.5p43
ntp ntp 4.2.5p44
ntp ntp 4.2.5p45
ntp ntp 4.2.5p46
ntp ntp 4.2.5p47
ntp ntp 4.2.5p48
ntp ntp 4.2.5p49
ntp ntp 4.2.5p50
ntp ntp 4.2.5p51
ntp ntp 4.2.5p52
ntp ntp 4.2.5p53
ntp ntp 4.2.5p54
ntp ntp 4.2.5p55
ntp ntp 4.2.5p56
ntp ntp 4.2.5p57
ntp ntp 4.2.5p58
ntp ntp 4.2.5p59
ntp ntp 4.2.5p60
ntp ntp 4.2.5p61
ntp ntp 4.2.5p62
ntp ntp 4.2.5p63
ntp ntp 4.2.5p64
ntp ntp 4.2.5p65
ntp ntp 4.2.5p66
ntp ntp 4.2.5p67
ntp ntp 4.2.5p68
ntp ntp 4.2.5p69
ntp ntp 4.2.5p70
ntp ntp 4.2.5p71
ntp ntp 4.2.5p73

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA843BCD-372A-42F5-A8C0-1AD32FA9E94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B980A178-2958-4B36-8AD8-3932B12C5A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D65210A-F80E-4019-91DA-49838369E03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29FAB224-3493-4273-A655-10BE44F5B5BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "093F0DD2-9E88-4138-AFF5-69105E7F2C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3590927-E242-411D-822A-33337D6B8A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "20FCD55C-D4A8-4544-81AF-C920B3B48A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p0:*:*:*:*:*:*:*",
              "matchCriteriaId": "881ED983-01B5-4A02-B671-8744EC0E1904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3897870-1724-4018-8F77-122548022535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7012720C-D4BD-40C5-8521-6859BE46DDDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8474ADA-F2A8-494D-BB6F-6EA4D4B865B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FFC396E-2E5C-4576-94D3-96C619523CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F55042-5CA1-453E-A786-A8B346C02BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C5930E-7792-4940-9EC3-CD5AE78D51B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "87004177-C6F2-4057-919D-20D91D01A8B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01570E4-447A-4F60-BD5C-40D201A464F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "440B4315-C7B3-4930-BD4D-B55BD3EEEE9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p10:*:*:*:*:*:*:*",
              "matchCriteriaId": "760050D5-5F8E-41CE-98DA-31E5BFB8A6C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p11:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E4FED4-A7F0-44C0-9405-1AB07D9B0079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "78977FE3-FF1E-47CA-9B97-3E6EC18894B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p13:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E24A99-575E-42EB-9463-29021A33C914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB88D29-930C-4552-889D-4DBF23EC3760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EE5C4-594E-4004-A8BC-AD4D3608FF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p16:*:*:*:*:*:*:*",
              "matchCriteriaId": "16009504-A8ED-43E9-A7F9-E8E1628449BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A4A86DA-E8CB-44B5-9E7D-A69A149FAF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F918DA-D4F3-4016-861E-78A8A00F9FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p19:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD908ABD-5A18-436B-830B-7F252E22B3CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8152815-3510-4FE7-A8B9-51EB857D7262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C03D4FCB-A0CE-45EA-80FC-523F388E51A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p23:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CBFD14-8B03-4F0D-8B0F-670629334D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p24:*:*:*:*:*:*:*",
              "matchCriteriaId": "656E046B-C3F2-4DD5-B3C2-C60ACEBC808C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p25:*:*:*:*:*:*:*",
              "matchCriteriaId": "014A6026-C4B9-4E09-9170-059D1FD8D95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p26:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BAB21E-C818-492A-A537-EFDF57E412EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p27:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CACCD1-DF24-4226-A891-6FD7EBB0E57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p28:*:*:*:*:*:*:*",
              "matchCriteriaId": "824DE9A3-5ABF-4E9F-985D-0633893CAECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p29:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A27E0EA-38B8-49F0-818B-BB4CAA7EF7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347419F-6B7F-4BA6-B03C-3A52E5F7148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p31:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D73277-B636-4F50-88F0-A79278EB6AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4701E3A4-FE51-4A48-8ABB-67DFE815BBFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p33:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2E5F24-1242-4819-8787-4F2EB9E97C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p35:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD55122C-2983-4193-BC46-6269A348EC5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p36:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4199168-912C-4702-801C-A36394ED494B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p37:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D89067A-7F24-458A-AD6F-ADFB92C24F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p38:*:*:*:*:*:*:*",
              "matchCriteriaId": "362FDB7C-EA5E-480D-96FB-2BCEF7F4E64A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p39:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3E2B20-E6B7-47DB-8A02-CAAF6C2B1597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p40:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3B4EA-053B-4A25-88F8-A788F88488A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p41:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B31D93-005E-498A-8935-EC31DC104B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p42:*:*:*:*:*:*:*",
              "matchCriteriaId": "125D14D2-3443-46E6-AC58-967683604B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p43:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2969C79-0B8F-4759-9978-7432BA388ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p44:*:*:*:*:*:*:*",
              "matchCriteriaId": "485E789D-B602-477E-BD10-0054AEE98D69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p45:*:*:*:*:*:*:*",
              "matchCriteriaId": "83284150-1E06-45B0-BD75-7BE895EB99B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p46:*:*:*:*:*:*:*",
              "matchCriteriaId": "3298B973-D08A-44A6-AD60-0E18A9FF55AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p47:*:*:*:*:*:*:*",
              "matchCriteriaId": "06314717-CF64-4269-A049-F70396CA000A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p48:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF909823-66E7-49AE-9385-DCDA7CD5EB51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p49:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4FE8C8E-6051-4DB8-B03B-6EF211992545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p50:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FF094E-49CA-41BB-A568-2BA49D770270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p51:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0D9B6F-3838-40ED-9998-89E66EEA79EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p52:*:*:*:*:*:*:*",
              "matchCriteriaId": "8076E3B3-57DA-425A-9CBD-426ADE3735F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p53:*:*:*:*:*:*:*",
              "matchCriteriaId": "E66A89E0-B31A-4469-859C-6C323399A706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p54:*:*:*:*:*:*:*",
              "matchCriteriaId": "6813F72B-4D8B-4903-BCB7-5A0EDE288B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p55:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8F957C-632F-4E5D-82E3-B3DF6572C924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p56:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC1DBF1-C2EE-4241-A50F-40E837B84C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p57:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7826192-660B-49AC-B1B8-BD799712DF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p58:*:*:*:*:*:*:*",
              "matchCriteriaId": "3443D451-1845-4440-AFB8-D6432585CBF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p59:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C81B35-94C8-4881-B2FA-AF8214AAEBF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p60:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3BDB8B-21E7-45EB-B39A-8822B64196ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p61:*:*:*:*:*:*:*",
              "matchCriteriaId": "808929AC-EC57-49FF-9FCC-FE593743EE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p62:*:*:*:*:*:*:*",
              "matchCriteriaId": "28C8CE4D-6C53-490E-8223-A6A4EEEA2CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p63:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49B2C1E-5653-4DA9-96A1-8E84A0AAB95E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p64:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DCD5198-26B4-4334-8077-916EA21F0760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p65:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD533741-97B8-4726-A7C4-4B7D0723817E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p66:*:*:*:*:*:*:*",
              "matchCriteriaId": "0336E989-FB7F-49CC-9FC9-F10B5C6716CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p67:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD72509-2E02-4C18-8AB1-7FAB7016EB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p68:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD88BB1-C82A-4021-BEA3-40B23CA2A5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p69:*:*:*:*:*:*:*",
              "matchCriteriaId": "79740F38-3210-4AF2-80C7-692DA5C5E315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1FB0C1-3A68-41A3-9290-1CAA09042716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p71:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA193DE-E94C-4229-8FBC-1E35884F310B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5p73:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76D8727-2324-4A2B-B73A-99E452FD07E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n crypto_recv en ntp_crypto.c en ntpd en NTP anteriores a v4.2.4p7 y v4.2.5 anterior a v4.2.5p74, cuando OpenSSL y autokey est\u00e1n activados, permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de paquetes manipulados que contienen un campo de extension."
    }
  ],
  "id": "CVE-2009-1252",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-19T19:30:00.670",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35138"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35166"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35169"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35243"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35253"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35388"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35630"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37470"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1801"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/853097"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35017"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022243"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1361"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://launchpad.net/bugs/cve/2009-1252"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/777-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/853097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/bugs/cve/2009-1252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/777-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}







Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.
