Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in ntp
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in ntp
ID: TLSA-2009-17
Distribution: TurboLinux
Plattformen: Turbolinux Client 2008, Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition
Datum: Di, 9. Juni 2009, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
Applikationen: NTP

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-17
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 08 Jun 2009
Last revised: 08 Jun 2009

Package: ntp

Summary: Stack-based buffer overflow in ntp

More information:
The Network Time Protocol (NTP) is used to synchronize the time of a
computer
client or server to another server or reference time source, such as a
radio or
satellite receiver or modem.

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in
ntpq in NTP
before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via
a crafted response. (CVE-2009-0159)

Affected Products:
- Turbolinux Client 2008
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server


<Turbolinux Client 2008>

Source Packages
Size: MD5

ntp-4.2.4p3-6.src.rpm
3440367 311a060a5e0b7e75b6e9f85019d41f6c

Binary Packages
Size: MD5

ntp-4.2.4p3-6.i586.rpm
1204985 d537853b4af887a3b755931f61dff64a

<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

ntp-4.2.4p3-4.src.rpm
3447067 f5c809425cbc78c4a392e239f8828c4a

Binary Packages
Size: MD5

ntp-4.2.4p3-4.x86_64.rpm
1228879 a23f3b53a6c23b7b5d18bd7d70a5d7d2
ntp-server-4.2.4p3-4.x86_64.rpm
245711 cf7a6ec4cfc2359878ebc78b9906fc1e

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

ntp-4.2.4p3-4.src.rpm
3447067 f5c809425cbc78c4a392e239f8828c4a

Binary Packages
Size: MD5

ntp-4.2.4p3-4.i686.rpm
1208884 a6b16af92fe895fc1cc97ee72f4e1713
ntp-server-4.2.4p3-4.i686.rpm
240866 b1e8bf630137d136e34d065d85ab4b87

<Turbolinux 11 Server x64 Edition>

Source Packages
Size: MD5

ntp-4.2.4p3-4.src.rpm
3439312 567a351192efa1c2710d4ed50fe3b45f

Binary Packages
Size: MD5

ntp-4.2.4p3-4.x86_64.rpm
1228879 a23f3b53a6c23b7b5d18bd7d70a5d7d2
ntp-server-4.2.4p3-4.x86_64.rpm
245711 cf7a6ec4cfc2359878ebc78b9906fc1e

<Turbolinux 11 Server>

Source Packages
Size: MD5

ntp-4.2.4p3-4.src.rpm
3447067 f5c809425cbc78c4a392e239f8828c4a

Binary Packages
Size: MD5

ntp-4.2.4p3-4.i686.rpm
1208884 a6b16af92fe895fc1cc97ee72f4e1713
ntp-server-4.2.4p3-4.i686.rpm
240866 b1e8bf630137d136e34d065d85ab4b87

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

ntp-4.2.0-11.src.rpm
2540976 acd1a94ba2acefcfa5b609c2c6daac9d

Binary Packages
Size: MD5

ntp-4.2.0-11.i586.rpm
1017267 a1b5846126bc11a697a378a8948673ea
ntp-server-4.2.0-11.i586.rpm
190192 7f349b62d74576317baacd2ec61d4440

<Turbolinux FUJI>

Source Packages
Size: MD5

ntp-4.2.0-11.src.rpm
2531382 a3b626a52b426eea7c0046efb2b4eda5

Binary Packages
Size: MD5

ntp-4.2.0-11.i686.rpm
1131445 459121f758a616a604930ed561d79415

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

ntp-4.2.0-11.src.rpm
2525333 2d224db5ba308c82e35e62acd60afded

Binary Packages
Size: MD5

ntp-4.2.0-11.x86_64.rpm
1032000 19645afd1a7a12da84f80f00edb5da0e
ntp-debug-4.2.0-11.x86_64.rpm
1310017 5e83e2d8a0625228455e38d6fd1ecf7a
ntp-server-4.2.0-11.x86_64.rpm
211991 5a6390ec2a74c36ae7a945804bc6bf4b

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

xntp3-5.93-20.src.rpm
1975993 8e20c830c52f8448e97ff7490df13577

Binary Packages
Size: MD5

xntp3-5.93-20.i586.rpm
256797 c3eba171ffdef32771cece24418a757f
xntp3-server-5.93-20.i586.rpm
90743 e2444d170c11061b76c71afcdc3bc5f2

<Turbolinux 10 Server>

Source Packages
Size: MD5

ntp-4.2.0-11.src.rpm
2540976 acd1a94ba2acefcfa5b609c2c6daac9d

Binary Packages
Size: MD5

ntp-4.2.0-11.i586.rpm
1017267 a1b5846126bc11a697a378a8948673ea
ntp-debug-4.2.0-11.i586.rpm
1296626 d9441215c3b7e1faa82b7c4b233a1f4f
ntp-server-4.2.0-11.i586.rpm
190192 7f349b62d74576317baacd2ec61d4440


References:

CVE
[CVE-2009-0159]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159

--------------------------------------------------------------------------
Revision History
08 Jun 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkosmU4ACgkQK0LzjOqIJMyoIQCfVF7qHpmQgVB7BxosJZFaJq0F
s2YAn2/JPQU7hfwfhuR0PNjVzckXm5p1
=UZxV
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung