ports/134755: vuxml submission for net/ntp
Mark Foster
mark at foster.cc
Wed May 20 14:40:05 UTC 2009
>Number: 134755
>Category: ports
>Synopsis: vuxml submission for net/ntp
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 20 14:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Mark Foster
>Release: 7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:
I did not see an existing pr for this so am submitting one.
This also affects base, which has 4.2.4p5
>How-To-Repeat:
>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="4175c811-f690-4898-87c5-755b3cf1bac6">
<topic>ntp -- Stack-based buffer overflow in ntpd crypto_recv function</topic>
<affects>
<package>
<name>ntp</name>
<range><lt>4.2.4p7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT reports:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/853097">
<p>ntpd contains a stack buffer overflow which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service. </p>
</blockquote>
</body>
</description>
<references>
<bid>35017</bid>
<cvename>CVE-2009-0159</cvename>
<cvename>CVE-2009-1252</cvename>
<url>http://www.kb.cert.org/vuls/id/853097</url>
</references>
<dates>
<discovery>2009-05-06</discovery>
<entry>2009-05-20</entry>
</dates>
</vuln>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list