[PLSA 2009-55] Ntp: Buffer Overflow
- Severity: 2
- Type: Remote
- Release Date: 2009-04-12
Apple discovered a stack-based buffer overflow in the ntpq program.
When the ntpq program is used to request peer information from a remote time server, a maliciously crafted response may lead to an unexpected application termination or arbitrary code execution.
The buffer overflow is limited to two bytes, so a code execution impact is unlikely, but this is dependent on the stack layout generated by cc.
- ntp-client, all before 4.2.4_p6-10-4
- ntp-server, all before 4.2.4_p6-10-4
Updates are available for ntp-client and ntp-server. You can install them via Package Manager or with a single command from the console:
pisi up ntp-client ntp-server