CVE-2009-1252
EPSS 72.1%
Description
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
How to fix CVE-2009-1252
To remediate CVE-2009-1252, upgrade the affected package to the fixed version listed below.
- Debian/ntp: upgrade to 1:4.2.4p6+dfsg-2 or later
Is CVE-2009-1252 being exploited?
Likely — EPSS is 72.1%, placing CVE-2009-1252 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 1:4.2.4p6+dfsg-2