Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=e89e27fb7e5d5be185ccf9222fd37984b7d51cba
commit e89e27fb7e5d5be185ccf9222fd37984b7d51cba Author: Miklos Vajna <vmik...@frugalware.org> Date: Sat May 30 12:41:58 2009 +0200 FSA607-ntp diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 5efb425..cf56560 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,19 @@ <fsas> <fsa> + <id>607</id> + <date>2009-05-30</date> + <author>Miklos Vajna</author> + <package>ntp</package> + <vulnerable>4.2.4p6-1</vulnerable> + <unaffected>4.2.4p7-1anacreon1</unaffected> + <bts>http://bugs.frugalware.org/task/3792</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252</cve> + <desc>A vulnerability has been reported in NTP, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. + The vulnerability is caused due to a boundary error within the "crypto_recv()" function in ntpd/ntp_crypto.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to the "ntpd". + Successful exploitation allows execution of arbitrary code, but requires that Autokey Authentication is configured via "crypto pw [password]" in ntp.conf.</desc> + </fsa> + <fsa> <id>606</id> <date>2009-05-30</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git