exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 777-1

Ubuntu Security Notice 777-1
Posted May 20, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-777-1 - A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possible execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0159, CVE-2009-1252
SHA-256 | 55c1eeff974661777e2e48e1335608940fb002dbffde0d8cd36f061646d2a5fe

Ubuntu Security Notice 777-1

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-777-1 May 19, 2009
ntp vulnerabilities
CVE-2009-0159, CVE-2009-1252
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
ntp 1:4.2.0a+stable-8.1ubuntu6.2
ntp-server 1:4.2.0a+stable-8.1ubuntu6.2

Ubuntu 8.04 LTS:
ntp 1:4.2.4p4+dfsg-3ubuntu2.2

Ubuntu 8.10:
ntp 1:4.2.4p4+dfsg-6ubuntu2.3

Ubuntu 9.04:
ntp 1:4.2.4p4+dfsg-7ubuntu5.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A stack-based buffer overflow was discovered in ntpq. If a user were
tricked into connecting to a malicious ntp server, a remote attacker could
cause a denial of service in ntpq, or possibly execute arbitrary code with
the privileges of the user invoking the program. (CVE-2009-0159)

Chris Ries discovered a stack-based overflow in ntp. If ntp was configured
to use autokey, a remote attacker could send a crafted packet to cause a
denial of service, or possible execute arbitrary code. (CVE-2009-1252)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.2.diff.gz
Size/MD5: 262624 3c306d4e68810bfa91f72a5b92cd0308
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.2.dsc
Size/MD5: 872 10eff071be4ba03f992b7d2d240c1f0c
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz
Size/MD5: 2272395 30f8b3d5b970c14dce5c6d8c922afa3e

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.2_all.deb
Size/MD5: 891104 94f3aec7998e4a9e1e48180d79fd659b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.2_amd64.deb
Size/MD5: 34892 b92a4deecbc84b6d842bf7856727d921
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.2_amd64.deb
Size/MD5: 136264 62e7a8b3240502f3e404225a6c24a976
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.2_amd64.deb
Size/MD5: 270440 0b264494db3ba53cf233ff112a40796b
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.2_amd64.deb
Size/MD5: 47810 edce44b9fc109133209069b17301f476
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.2_amd64.deb
Size/MD5: 224034 9aa4a9a74c72607acc3c858b7c6d4366

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.2_i386.deb
Size/MD5: 33806 25b469db17cbb30269d5ae5d763ab0f2
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.2_i386.deb
Size/MD5: 121560 7360b2078ee05de0d67f779dae5d67c8
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.2_i386.deb
Size/MD5: 256644 a2164630c3011129f4b22d0b82c4259c
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.2_i386.deb
Size/MD5: 44472 681b58a3dd5cbdc0f845f6c0ac670d7a
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.2_i386.deb
Size/MD5: 198342 4156eb43918077c9afe35748c5678b44

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.2_powerpc.deb
Size/MD5: 37052 844fcdf80da06e0805b749ef4bc3df9f
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.2_powerpc.deb
Size/MD5: 135060 91c6db51fb366fc544a3a601d9f22f65
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.2_powerpc.deb
Size/MD5: 271370 aff69d174dd8c57d24c38e82b2191af2
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.2_powerpc.deb
Size/MD5: 49126 11d131cbcdbf88785904923df5e247e6
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.2_powerpc.deb
Size/MD5: 222152 92b60a7767280429184b84b96b1ce5fe

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.2_sparc.deb
Size/MD5: 34310 c45a59691738e4b62bcbd3bbcf7f7c9c
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.2_sparc.deb
Size/MD5: 126660 9ad4394cc7381174485993ba41001dff
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.2_sparc.deb
Size/MD5: 261548 8d1375b6941de24ee31db196c7e3569c
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.2_sparc.deb
Size/MD5: 46674 e987304d551d69052763b1aa377244a1
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.2_sparc.deb
Size/MD5: 207388 ba43f80287f44ee657660deca2b2d0e5

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.2.diff.gz
Size/MD5: 286728 3855e15b60b98d7c1c39ca58f69eb42f
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.2.dsc
Size/MD5: 1046 f9c6b3c9adf0c5fbd7bd32af16cfda72
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.2_all.deb
Size/MD5: 928002 d7ec157baefbc58639a9e405427a5a8c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.2_amd64.deb
Size/MD5: 477248 d671d47c0401997a02a2c2f11e9f4d7e
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.2_amd64.deb
Size/MD5: 65082 2c68f30b996b18118b4b85f8d0bb2f3f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.2_i386.deb
Size/MD5: 432480 13c4d104fe6e46088030628931bfa3cc
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.2_i386.deb
Size/MD5: 61124 94c7efececf2038c93c8add72d8207ce

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.2_lpia.deb
Size/MD5: 435346 73421fbab6633303b700aeec6a6213e7
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.2_lpia.deb
Size/MD5: 61074 7bf665dfd5a9585fa08121239847623d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.2_powerpc.deb
Size/MD5: 490358 51cc28d99069364d840bd037585e5b38
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.2_powerpc.deb
Size/MD5: 66666 dd9c787890761ffac75fab20d2660d3e

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.2_sparc.deb
Size/MD5: 442246 1b5ca2fd902af277675fe1963327679b
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.2_sparc.deb
Size/MD5: 61866 cfad1625994273cd8d1c701ec108266b

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.3.diff.gz
Size/MD5: 305715 3f331886531036808a2c2b3a32d78a0f
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.3.dsc
Size/MD5: 1555 a887f244ea74ecce910a8ebfb159573c
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.3_all.deb
Size/MD5: 928660 72eb9329b637897a085bf23df35035ee

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.3_amd64.deb
Size/MD5: 487118 7af13d44b196c632abf090357d904f7d
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.3_amd64.deb
Size/MD5: 66026 2295725e3b86ed6dbb05fcb6c99dc612

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.3_i386.deb
Size/MD5: 442228 dc12ebb96df581dbb97506171bb155c3
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.3_i386.deb
Size/MD5: 62216 cea15129abf766907060a4e164a69730

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.3_lpia.deb
Size/MD5: 441604 dd4be304cbe8c4c422bbab3ec68499fa
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.3_lpia.deb
Size/MD5: 61986 442b34ba10fcbc95ab2a3ce08d2743b1

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.3_powerpc.deb
Size/MD5: 491218 c1b38cfd8dcead19bab8dd71988f4b83
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.3_powerpc.deb
Size/MD5: 67036 1f64d1eefd532fa24856fd54ec7f2798

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.3_sparc.deb
Size/MD5: 449306 a423c4417af2e5fe76e7a9a7fe61378b
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.3_sparc.deb
Size/MD5: 62736 cd33d3395ac312dde92557df1a357e7e

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.1.diff.gz
Size/MD5: 306018 1f7251838d9aeb8e9d8c6e32e7f25cac
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.1.dsc
Size/MD5: 1556 4c2bd40a447f612050281a771cbd727d
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.1_all.deb
Size/MD5: 928978 f5c3fee6798769926a54edd1ca723ae6

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.1_amd64.deb
Size/MD5: 487468 2eab3d5589fa5cb6158ad3e9868e75cc
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.1_amd64.deb
Size/MD5: 66338 b714b28096a7d4d3c097785c570b0daa

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.1_i386.deb
Size/MD5: 442532 4be64f24b65762d9fd7e0da2c6f13402
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.1_i386.deb
Size/MD5: 62582 b264e7cd0451c906b33e1c290d8486d5

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.1_lpia.deb
Size/MD5: 441976 5d0b2cea98ac625c4caeaceea178a896
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.1_lpia.deb
Size/MD5: 62330 055cf1659c234b249812092926162a69

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.1_powerpc.deb
Size/MD5: 491418 e3b09166b30a91b4ad6641200b799cd5
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.1_powerpc.deb
Size/MD5: 67428 f0643d6734f76630497bcd6de9d62a09

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.1_sparc.deb
Size/MD5: 449352 56988b15e8fd2ab15060ee9c7755920e
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.1_sparc.deb
Size/MD5: 63058 1a10d80527f39e62fc59998c40a47162


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close