NTP BUG 1151: Remote exploit if autokey is enabled
Last update: January 15, 2024 18:03 UTC (83e32bc41)
Summary
| Field | Details |
| --- | --- |
| Resolved | Stable (4.2.4p7), Development (4.2.5p74); 4 Mar 2009, 10 Sep 2007 |
| References | Bug 1151, CVE-2009-1252 |
| Affects | All releases from 4.0.99m/4.1.70 (2001-08-15) through 4.2.4 before 4.2.4p7 and 4.2.5 before 4.2.5p74. Resolved in 4.2.4p7 and 4.2.5p74. |
| CVSS2 Score | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) |
Description
When Autokey Authentication is enabled (i.e. the ntp.conf file contains a crypto pw ... directive) a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process.
Mitigation
- Upgrade to 4.2.4p7 or 4.2.5p74, or later.
- Disable Autokey Authentication by removing, or commenting out, all configuration directives beginning with the crypto keyword in your ntp.conf file.
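The two mitigations above can be checked together. The following is an added example, not code from the NTP project: it lists uncommented crypto directives in an ntp.conf and applies the advisory's "Affects" ranges to a version string. The function names and the sample configuration are constructed for illustration, and it assumes versions are written like 4.2.4p6 or 4.0.99m and that # starts a comment.

```python
import re

# Constructed sample ntp.conf for this example (not from the advisory).
SAMPLE_CONF = """\
server ntp.example.net autokey
# crypto pw disabled-example
  crypto pw example-password   # Autokey enabled
driftfile /var/lib/ntp/ntp.drift
"""

# Assumed version forms: X.Y.Z, X.Y.ZpN (patch level) or X.Y.Z<letter>.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+)|([a-z]))?$")


def active_crypto_directives(conf_text):
    """Return (line_number, text) for each uncommented 'crypto' directive."""
    hits = []
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line and line.split()[0] == "crypto":
            hits.append((number, line))
    return hits


def is_affected_version(version):
    """Apply the advisory's 'Affects' ranges to an ntpd version string."""
    match = _VERSION.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised ntpd version: {version!r}")
    base = tuple(int(g) for g in match.group(1, 2, 3))
    patch = int(match.group(4) or 0)
    letter = match.group(5) or ""
    if base == (4, 2, 5):
        return patch < 74           # fixed in 4.2.5p74
    if base == (4, 2, 4):
        return patch < 7            # fixed in 4.2.4p7
    if base == (4, 0, 99):
        return letter >= "m"        # first affected: 4.0.99m
    return (4, 1, 70) <= base < (4, 2, 4)


def is_exposed(version, conf_text):
    """Exposed only when an affected ntpd also has Autokey enabled."""
    return is_affected_version(version) and bool(active_crypto_directives(conf_text))


if __name__ == "__main__":
    for ver in ("4.2.4p6", "4.2.4p7", "4.2.5p73", "4.2.5p74"):
        print(ver, "exposed" if is_exposed(ver, SAMPLE_CONF) else "not exposed")
```

A host is reported as exposed only when both conditions hold, so either mitigation on its own clears the result.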
Credit
This vulnerability was discovered by Chris Ries of CMU.
Timeline