Bug 134755 - vuxml submission for net/ntp
Summary: vuxml submission for net/ntp
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Cy Schubert
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-20 15:40 UTC by mark
Modified: 2009-05-23 05:40 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description mark 2009-05-20 15:40:04 UTC
I did not see an existing pr for this so am submitting one.
This also affects base, which has 4.2.4p5

Fix: 

<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="4175c811-f690-4898-87c5-755b3cf1bac6">
     <topic>ntp -- Stack-based buffer overflow in ntpd crypto_recv function</topic>
     <affects>
       <package>
         <name>ntp</name>
         <range><lt>4.2.4p7</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>US-CERT reports:</p>
         <blockquote cite="http://www.kb.cert.org/vuls/id/853097">
           <p>ntpd contains a stack buffer overflow which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service. </p>
         </blockquote>
       </body>
     </description>
     <references>
      <bid>35017</bid>
      <cvename>CVE-2009-0159</cvename>
      <cvename>CVE-2009-1252</cvename>
      <url>http://www.kb.cert.org/vuls/id/853097</url>
     </references>
     <dates>
       <discovery>2009-05-06</discovery>
       <entry>2009-05-20</entry>
     </dates>
   </vuln>
Comment 1 Edwin Groothuis freebsd_committer 2009-05-20 15:40:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->cy

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2009-05-23 05:12:04 UTC
cy          2009-05-23 04:11:55 UTC

  FreeBSD ports repository

  Modified files:
    net/ntp              Makefile distinfo 
    net/ntp/files        patch-configure 
  Log:
  Update from 4.2.4p6 to 4.2.4p7.
  
  PR:             ports/134755
  
  Revision  Changes    Path
  1.54      +1 -1      ports/net/ntp/Makefile
  1.29      +3 -3      ports/net/ntp/distinfo
  1.4       +0 -10     ports/net/ntp/files/patch-configure
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Cy Schubert freebsd_committer 2009-05-23 05:37:07 UTC
State Changed
From-To: open->closed

Thanks for the vuxml information. Committed.
Comment 4 dfilter service freebsd_committer 2009-05-23 05:37:25 UTC
cy          2009-05-23 04:37:11 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Add CVE information for NTP stack overflow.
  
  PR:             134755
  Submitted by:   Mark Foster <mark@foster.cc>
  Security:       CVE-2009-0159 and CVE-2009-1252
  
  Revision  Changes    Path
  1.1949    +29 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"