CVE-2009-0159

ntp: buffer overflow in ntpq

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Desbordamiento de búfer basado en pila en la función cookedprint en ntpq/ntpq.c en ntpq en NTP versiones anteriores a v4.2.4p7-RC2 permite a servidores NTP remotos ejecutar código de su elección a través de respuestas manipuladas.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-01-16 CVE Reserved
2009-04-14 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow

CAPEC

References (47)

URL	Tag	Source
http://bugs.pardus.org.tr/show_bug.cgi?id=9532	X_refsource_confirm
http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565	X_refsource_confirm
http://osvdb.org/53593	Vdb Entry
http://support.apple.com/kb/HT3549	X_refsource_confirm
http://www.securityfocus.com/archive/1/507985/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1022033	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/49838	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634	Signature

URL	Date	SRC

URL	Date	SRC
http://www.securityfocus.com/bid/34481	2018-10-11
https://support.ntp.org/bugs/show_bug.cgi?id=1144	2018-10-11

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc	2018-10-11
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	2018-10-11
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html	2018-10-11
http://marc.info/?l=bugtraq&m=136482797910018&w=2	2018-10-11
http://rhn.redhat.com/errata/RHSA-2009-1039.html	2018-10-11
http://rhn.redhat.com/errata/RHSA-2009-1040.html	2018-10-11
http://secunia.com/advisories/34608	2018-10-11
http://secunia.com/advisories/35074	2018-10-11
http://secunia.com/advisories/35137	2018-10-11
http://secunia.com/advisories/35138	2018-10-11
http://secunia.com/advisories/35166	2018-10-11
http://secunia.com/advisories/35169	2018-10-11
http://secunia.com/advisories/35253	2018-10-11
http://secunia.com/advisories/35308	2018-10-11
http://secunia.com/advisories/35336	2018-10-11
http://secunia.com/advisories/35416	2018-10-11
http://secunia.com/advisories/35630	2018-10-11
http://secunia.com/advisories/37471	2018-10-11
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238	2018-10-11
http://www.debian.org/security/2009/dsa-1801	2018-10-11
http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml	2018-10-11
http://www.mandriva.com/security/advisories?name=MDVSA-2009:092	2018-10-11
http://www.vupen.com/english/advisories/2009/0999	2018-10-11
http://www.vupen.com/english/advisories/2009/1297	2018-10-11
http://www.vupen.com/english/advisories/2009/3316	2018-10-11
https://bugzilla.redhat.com/show_bug.cgi?id=490617	2009-12-08
https://rhn.redhat.com/errata/RHSA-2009-1651.html	2018-10-11
https://usn.ubuntu.com/777-1	2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html	2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html	2018-10-11
https://access.redhat.com/security/cve/CVE-2009-0159	2009-12-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				<= 4.2.4p7 Search vendor "Ntp" for product "Ntp" and version " <= 4.2.4p7"		rc1		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.72 Search vendor "Ntp" for product "Ntp" and version "4.0.72"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.73 Search vendor "Ntp" for product "Ntp" and version "4.0.73"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.90 Search vendor "Ntp" for product "Ntp" and version "4.0.90"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.91 Search vendor "Ntp" for product "Ntp" and version "4.0.91"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.92 Search vendor "Ntp" for product "Ntp" and version "4.0.92"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.93 Search vendor "Ntp" for product "Ntp" and version "4.0.93"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.94 Search vendor "Ntp" for product "Ntp" and version "4.0.94"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.95 Search vendor "Ntp" for product "Ntp" and version "4.0.95"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.96 Search vendor "Ntp" for product "Ntp" and version "4.0.96"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.97 Search vendor "Ntp" for product "Ntp" and version "4.0.97"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.98 Search vendor "Ntp" for product "Ntp" and version "4.0.98"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.0.99 Search vendor "Ntp" for product "Ntp" and version "4.0.99"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.1.0 Search vendor "Ntp" for product "Ntp" and version "4.1.0"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.1.2 Search vendor "Ntp" for product "Ntp" and version "4.1.2"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.0 Search vendor "Ntp" for product "Ntp" and version "4.2.0"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.2 Search vendor "Ntp" for product "Ntp" and version "4.2.2"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.2p1 Search vendor "Ntp" for product "Ntp" and version "4.2.2p1"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.2p2 Search vendor "Ntp" for product "Ntp" and version "4.2.2p2"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.2p3 Search vendor "Ntp" for product "Ntp" and version "4.2.2p3"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.2p4 Search vendor "Ntp" for product "Ntp" and version "4.2.2p4"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4 Search vendor "Ntp" for product "Ntp" and version "4.2.4"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4p0 Search vendor "Ntp" for product "Ntp" and version "4.2.4p0"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4p1 Search vendor "Ntp" for product "Ntp" and version "4.2.4p1"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4p2 Search vendor "Ntp" for product "Ntp" and version "4.2.4p2"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4p3 Search vendor "Ntp" for product "Ntp" and version "4.2.4p3"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4p4 Search vendor "Ntp" for product "Ntp" and version "4.2.4p4"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4p5 Search vendor "Ntp" for product "Ntp" and version "4.2.4p5"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.4p6 Search vendor "Ntp" for product "Ntp" and version "4.2.4p6"		-		Affected