[pkg-ntp-maintainers] Bug#525373: Bug#525373: CVE-2009-0159: buffer overflow in ntpq
Peter Eisentraut
petere at debian.org
Fri Apr 24 07:03:02 UTC 2009
On Friday 24 April 2009 06:15:53 Steffen Joeris wrote:
> CVE-2009-0159[0]:
> | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c
> | in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute
> | arbitrary code via a crafted response.
>
> The upstream bug together with the patch can be found here[1]. The issue
> can only be exploited by querying a malicious server and even then the
> overflow is fairly limited.
For unstable, I suggest that we wait for the p7 upstream release, which
appears to be not far away. For stable and oldstable we need to do the
security dance.
More information about the pkg-ntp-maintainers
mailing list