CVE-2009-0159 – ntp: buffer overflow in ntpq
https://notcve.org/view.php?id=CVE-2009-0159
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. Desbordamiento de búfer basado en pila en la función cookedprint en ntpq/ntpq.c en ntpq en NTP versiones anteriores a v4.2.4p7-RC2 permite a servidores NTP remotos ejecutar código de su elección a través de respuestas manipuladas. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc http://bugs.pardus.org.tr/show_bug.cgi?id=9532 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://marc.info/?l=bugtraq&m=136482797910018&w=2 http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565 http://osvdb.org/53593 http://rhn.redhat.com/errata/RHSA-2009-1039.html http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2009-0021 – ntp incorrectly checks for malformed signatures
https://notcve.org/view.php?id=CVE-2009-0021
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. NTP versiones 4.2.4 anteriores a 4.2.4p5 y versiones 4.2.5 anteriores a 4.2.5p150, no comprueba apropiadamente el valor devuelto de la función EVP_VerifyFinal de OpenSSL, que permite a los atacantes remotos omitir la comprobación de la cadena de certificados por medio de una firma de SSL/TLS malformada para las claves DSA y ECDSA, una vulnerabilidad similar a CVE-2008-5077. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33406 http://secunia.com/advisories/33558 http://secunia.com/advisories/33648 http://secunia.com/advisories/34642 http://secunia.com/advisories/35074 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.531177 • CWE-287: Improper Authentication •
CVE-2004-0657
https://notcve.org/view.php?id=CVE-2004-0657
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time. • http://marc.info/?l=bugtraq&m=108922292425219&w=2 http://www.kb.cert.org/vuls/id/584606 https://exchange.xforce.ibmcloud.com/vulnerabilities/15406 • CWE-190: Integer Overflow or Wraparound •