NTP BUG 1151: Remote exploit if autokey is enabled

Last update: January 15, 2024 18:03 UTC (83e32bc41)


Resolved Stable (4.2.4p7)
Development (4.2.5p74)
4 Mar 2009
10 Sep 2007
References Bug 1151 CVE-2009-1252
Affects All releases from 4.0.99m/4.1.70 (2001-08-15) through 4.2.4 before 4.2.4p7 and 4.2.5 before 4.2.5p74. Resolved in 4.2.4p7 and 4.2.5p74.
CVSS2 Score 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P


When Autokey Authentication is enabled (i.e. the ntp.conf file contains a crypto pw ... directive) a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process.



This vulnerability was discovered by Chis Ries of CMU.