NVD Vulnerability Detail

CVE-2009-0159

Summary	Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
Publication Date	April 15, 2009, 12:30 a.m.
Registration Date	Jan. 29, 2021, 1:13 p.m.
Last Update	Oct. 12, 2018, 6 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ntp:ntp:4.0.72:::::::*
cpe:2.3:a:ntp:ntp:4.0.73:::::::*
cpe:2.3:a:ntp:ntp:4.0.90:::::::*
cpe:2.3:a:ntp:ntp:4.0.91:::::::*
cpe:2.3:a:ntp:ntp:4.0.92:::::::*
cpe:2.3:a:ntp:ntp:4.0.93:::::::*
cpe:2.3:a:ntp:ntp:4.0.94:::::::*
cpe:2.3:a:ntp:ntp:4.0.95:::::::*
cpe:2.3:a:ntp:ntp:4.0.96:::::::*
cpe:2.3:a:ntp:ntp:4.0.97:::::::*
cpe:2.3:a:ntp:ntp:4.0.98:::::::*
cpe:2.3:a:ntp:ntp:4.0.99:::::::*
cpe:2.3:a:ntp:ntp:4.1.0:::::::*
cpe:2.3:a:ntp:ntp:4.1.2:::::::*
cpe:2.3:a:ntp:ntp:4.2.0:::::::*
cpe:2.3:a:ntp:ntp:4.2.2:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p1:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p2:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p3:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p4:::::::*
cpe:2.3:a:ntp:ntp:4.2.4:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p0:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p1:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p2:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p3:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p4:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p5:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p6:::::::*
cpe:2.3:a:ntp:ntp::rc1::::::*		4.2.4p7

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc	NETBSD
2	http://bugs.pardus.org.tr/show_bug.cgi?id=9532	CONFIRM
3	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	APPLE
4	http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html	SUSE
5	http://marc.info/?l=bugtraq&m=136482797910018&w=2	HP
6	http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565	CONFIRM
7	http://osvdb.org/53593	OSVDB
8	http://rhn.redhat.com/errata/RHSA-2009-1039.html	REDHAT
9	http://rhn.redhat.com/errata/RHSA-2009-1040.html	REDHAT
10	http://secunia.com/advisories/34608	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/35074	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/35137	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/35138	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/35166	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/35169	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/35253	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/35308	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/35336	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/35416	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/35630	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/37471	SECUNIA	Vendor Advisory
22	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238	SLACKWARE
23	http://support.apple.com/kb/HT3549	CONFIRM
24	http://www.debian.org/security/2009/dsa-1801	DEBIAN
25	http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml	GENTOO
26	http://www.mandriva.com/security/advisories?name=MDVSA-2009:092	MANDRIVA
27	http://www.securityfocus.com/archive/1/507985/100/0/threaded	BUGTRAQ
28	http://www.securityfocus.com/bid/34481	BID	Patch
29	http://www.securitytracker.com/id?1022033	SECTRACK
30	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	CERT	US Government Resource
31	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	CONFIRM
32	http://www.vupen.com/english/advisories/2009/0999	VUPEN	Vendor Advisory
33	http://www.vupen.com/english/advisories/2009/1297	VUPEN	Vendor Advisory
34	http://www.vupen.com/english/advisories/2009/3316	VUPEN	Vendor Advisory
35	https://bugzilla.redhat.com/show_bug.cgi?id=490617	CONFIRM
36	https://exchange.xforce.ibmcloud.com/vulnerabilities/49838	XF
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392	OVAL
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411	OVAL
39	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386	OVAL
40	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665	OVAL
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634	OVAL
42	https://rhn.redhat.com/errata/RHSA-2009-1651.html	REDHAT
43	https://support.ntp.org/bugs/show_bug.cgi?id=1144	CONFIRM	Patch
44	https://usn.ubuntu.com/777-1/	UBUNTU
45	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html	FEDORA
46	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html	FEDORA

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

NTP の ntpq における任意のコードを実行される脆弱性

Title	NTP の ntpq における任意のコードを実行される脆弱性
Summary	NTP の ntpq にある ntpq/ntpq.c 内の cookedprint 関数には、レスポンスの処理に不備があるため、任意のコードを実行される脆弱性が存在します。
Possible impacts	リモートの NTP サーバにより、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 14, 2009, midnight
Registration Date	June 26, 2009, 2:07 p.m.
Last Update	March 27, 2012, 11:35 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.7 (as)

Red Hat Enterprise Linux 4.7 (es)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

NTP Project

NTP 4.2.4p7-RC2 未満

オラクル

Netra SPARC T3-1

Netra SPARC T3-1B

Netra SPARC T3-1BA

SPARC T3-1

SPARC T3-1B

SPARC T3-2

SPARC T3-4

ターボリナックス

Turbolinux Appliance Server 2.0

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux FUJI

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5 から v10.5.6

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5 から v10.5.6

VMware

VMware ESX 2.5.5

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESXi 3.5

VMware ESXi 4.0

VMware vMA 4.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0159	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
National Vulnerability Database (NVD)
2	CVE-2009-0159	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0159

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3549	http://support.apple.com/kb/HT3549
Apple セキュリティアップデート
2	HT3549	http://support.apple.com/kb/HT3549?viewlocale=ja_JP
Asianux Technical Support Network
3	ntp-4.2.2p1-9.2.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=435
HP Security Bulletin
4	HPSBUX02437	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01763606
MIRACLE LINUX アップデート情報
5	1719	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1719
6	1840	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1840
7	1841	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1841
ntp.org
8	Top Page	http://www.ntp.org/
Red Hat Security Advisory
9	RHSA-2009:1039	https://rhn.redhat.com/errata/RHSA-2009-1039.html
10	RHSA-2009:1040	https://rhn.redhat.com/errata/RHSA-2009-1040.html
11	RHSA-2009:1651	https://rhn.redhat.com/errata/RHSA-2009-1651.html
SECURITY BLOG
12	multiple_vulnerabilities_in_network_time	http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time
Turbolinux Security Advisory (英語)
13	TLSA-2009-17	http://www.turbolinux.com/security/2009/TLSA-2009-17.txt
VMware Security Advisories
14	VMSA-2009-0016	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
レッドハットセキュリティーアップデート
15	RHSA-2009:1039	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1039J.html
16	RHSA-2009:1040	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1040J.html
17	RHSA-2009:1651	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1651J.html
富士通セキュリティ情報
18	TA09-133A	http://software.fujitsu.com/jp/security/vulnerabilities/ta09-133a.html
製品セキュリティ情報
19	TLSA-2009-17	http://www.turbolinux.co.jp/security/2009/TLSA-2009-17j.txt

その他

No	Name	URL
ISS X-Force Database
1	49838	http://xforce.iss.net/xforce/xfdb/49838
JVN
2	JVNTA09-133A	http://jvn.jp/cert/JVNTA09-133A/
JVN Status Tracking Notes
3	JVNTR-2009-12	http://jvn.jp/tr/JVNTR-2009-12
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
4	53593	http://osvdb.org/53593
Secunia Advisory
5	SA34608	http://secunia.com/advisories/34608
6	SA35074	http://secunia.com/advisories/35074
7	SA35138	http://secunia.com/advisories/35138
8	SA35166	http://secunia.com/advisories/35166
SecurityFocus
9	34481	http://www.securityfocus.com/bid/34481
SecurityTracker
10	1022033	http://www.securitytracker.com/id?1022033
US-CERT Cyber Security Alerts
11	SA09-133A	http://www.us-cert.gov/cas/alerts/SA09-133A.html
US-CERT Technical Cyber Security Alert
12	TA09-133A	http://www.us-cert.gov/cas/techalerts/TA09-133A.html
VUPEN Security
13	VUPEN/ADV-2009-0999	http://www.vupen.com/english/advisories/2009/0999
14	VUPEN/ADV-2009-1297	http://www.vupen.com/english/advisories/2009/1297

Change Log

No	Changed Details	Date of change
0	[2009年06月26日] 掲載 [2009年08月17日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02437) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02437) を追加 [2010年01月19日] 影響を受けるシステム：ミラクル・リナックス (1840) の情報を追加影響を受けるシステム：ミラクル・リナックス (1841) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1651) の情報を追加ベンダ情報：ミラクル・リナックス (1840) を追加ベンダ情報：ミラクル・リナックス (1841) を追加ベンダ情報：レッドハット (RHSA-2009:1651) を追加 [2011年12月28日] 影響を受けるシステム：VMware (VMSA-2009-0016) の情報を追加影響を受けるシステム：オラクル (multiple_vulnerabilities_in_network_time) の情報を追加ベンダ情報：VMware (VMSA-2009-0016) を追加ベンダ情報：オラクル (multiple_vulnerabilities_in_network_time) を追加 [2012年03月27日] 影響を受けるシステム：オラクル (multiple_vulnerabilities_in_network_time) の情報を更新	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ntp:ntp:4.0.72:::::::*
cpe:2.3:a:ntp:ntp:4.0.73:::::::*
cpe:2.3:a:ntp:ntp:4.0.90:::::::*
cpe:2.3:a:ntp:ntp:4.0.91:::::::*
cpe:2.3:a:ntp:ntp:4.0.92:::::::*
cpe:2.3:a:ntp:ntp:4.0.93:::::::*
cpe:2.3:a:ntp:ntp:4.0.94:::::::*
cpe:2.3:a:ntp:ntp:4.0.95:::::::*
cpe:2.3:a:ntp:ntp:4.0.96:::::::*
cpe:2.3:a:ntp:ntp:4.0.97:::::::*
cpe:2.3:a:ntp:ntp:4.0.98:::::::*
cpe:2.3:a:ntp:ntp:4.0.99:::::::*
cpe:2.3:a:ntp:ntp:4.1.0:::::::*
cpe:2.3:a:ntp:ntp:4.1.2:::::::*
cpe:2.3:a:ntp:ntp:4.2.0:::::::*
cpe:2.3:a:ntp:ntp:4.2.2:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p1:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p2:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p3:::::::*
cpe:2.3:a:ntp:ntp:4.2.2p4:::::::*
cpe:2.3:a:ntp:ntp:4.2.4:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p0:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p1:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p2:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p3:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p4:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p5:::::::*
cpe:2.3:a:ntp:ntp:4.2.4p6:::::::*
cpe:2.3:a:ntp:ntp::rc1::::::*		4.2.4p7