-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2009.0484 -- [Debian]
                        ntp: Execute Arbitrary Code
                                20 May 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              ntp
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
                      Debian GNU/Linux 5.0
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2009-1252 CVE-2009-0159

Ref:                  ESB-2009.0359
                      ESB-2009.0459
                      ESB-2009.0475

Original Bulletin:    http://www.debian.org/security/2009/dsa-1801

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1801-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
May 19, 2009                          http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : ntp
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-0159 CVE-2009-1252
CERT advisory  : VU#853097
Debian Bug     : 525373

Several remote vulnerabilities have been discovered in NTP, the Network
Time Protocol reference implementation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-0159

    A buffer overflow in ntpq allow a remote NTP server to create a
    denial of service attack or to execute arbitrary code via a crafted
    response.

CVE-2009-1252

    A buffer overflow in ntpd allows a remote attacker to create a
    denial of service attack or to execute arbitrary code when the
    autokey functionality is enabled.

For the old stable distribution (etch), these problems have been fixed in
version 4.2.2.p4+dfsg-2etch3.

For the stable distribution (lenny), these problems have been fixed in
version 4.2.4p4+dfsg-8lenny2.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your ntp package.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3.dsc
    Size/MD5 checksum:      906 8a1376e7b9883a31aeef2b242cddafb3
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
    Size/MD5 checksum:  2199764 ad746cda2d90dbb9ed06fe164273c5d0
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3.diff.gz
    Size/MD5 checksum:   182790 1bef0f3e23bc046d7c70b60f257abce8

Architecture independent packages:

  http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch3_all.deb
    Size/MD5 checksum:    28068 980216d8940c6f35ef734e8b4696bedb
  http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch3_all.deb
    Size/MD5 checksum:   909142 a4f0b0390ef1d8ea3b42e9f79aa6419c
  http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch3_all.deb
    Size/MD5 checksum:    28070 1a62301f74fc9ef23e73b86b168995d1

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_alpha.deb
    Size/MD5 checksum:    64896 334da9b0c10e3d061d40313cff2f4aba
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_alpha.deb
    Size/MD5 checksum:   407926 2ea4e315e61be332e2799152d117828f

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_amd64.deb
    Size/MD5 checksum:   359278 206749f2d5cddbb47f43cadf031200f6
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_amd64.deb
    Size/MD5 checksum:    61468 d7c76761a5b81efc6ad09d7339c65f65

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_arm.deb
    Size/MD5 checksum:    59472 b7e6f73ba7ecc1b950f5ce4b8713bbc8
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_arm.deb
    Size/MD5 checksum:   343500 918b4ed05ccc9beef8b17ed820076736

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_hppa.deb
    Size/MD5 checksum:    62008 718ac291a6d5bd5cee16da1ba332277a
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_hppa.deb
    Size/MD5 checksum:   372266 a8801148122304f201143b3c83212ef1

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_i386.deb
    Size/MD5 checksum:    58244 1e2645f55d880f0b32b189c788a6fa6e
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_i386.deb
    Size/MD5 checksum:   330784 2cffe9ce5766d3b3a7dd716451f9940d

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_ia64.deb
    Size/MD5 checksum:    74564 11dc5d9603aa107736e25e73a999fed9
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_ia64.deb
    Size/MD5 checksum:   523190 4b92e21247b790d31d87cae43288860e

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_mips.deb
    Size/MD5 checksum:   382548 7ebe4c29857af28a1d0d47341c03ed9f
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_mips.deb
    Size/MD5 checksum:    63444 1479ed9849e0da2119fedd3c07ef0c6e

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_mipsel.deb
    Size/MD5 checksum:   390040 7338922ec7c8a810374913a5440b84c8
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_mipsel.deb
    Size/MD5 checksum:    63986 63cf40dbea34d855dfa0b4dcab148753

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_powerpc.deb
    Size/MD5 checksum:   358710 14eebc6b0f1b5566398761c0e9387e06
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_powerpc.deb
    Size/MD5 checksum:    61548 6f7d62dbce9a7e476c5740556e05adbe

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_s390.deb
    Size/MD5 checksum:    61102 1cbb204bb34886adaf67f65add882fb6
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_s390.deb
    Size/MD5 checksum:   350088 2a27fe8eaedfac99221d0e0958750b69

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_sparc.deb
    Size/MD5 checksum:    58438 3c247f0d8b30fd8eb287fbf5429bb25a
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_sparc.deb
    Size/MD5 checksum:   332082 4506ffc7cdbc545decc4ebd726cc0fb3

Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
    Size/MD5 checksum:  2835029 dc2b3ac9cc04b0f29df35467514c9884
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2.diff.gz
    Size/MD5 checksum:   300806 7b70febe5a8b2731da1f6bc60e7095e6
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2.dsc
    Size/MD5 checksum:     1459 b72ceb69656ba2fe3374e7a793c8c2c0

Architecture independent packages:

  http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny2_all.deb
    Size/MD5 checksum:   929700 36d1605577c6243875f4e35d9c40c9e8

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_alpha.deb
    Size/MD5 checksum:    66636 f732a56b27be857f1a4ae7bde9bac056
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_alpha.deb
    Size/MD5 checksum:   537528 32e7a25e224daeb2a4c3e3b8bdd88006

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_amd64.deb
    Size/MD5 checksum:    63726 39a38d2d30352145617b63b0f1808832
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_amd64.deb
    Size/MD5 checksum:   480718 88defc4b9564804bac6c0d1b91b4207b

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_arm.deb
    Size/MD5 checksum:   448040 2512a1f1d5f1af9484d3c02cef012aed
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_arm.deb
    Size/MD5 checksum:    61078 89dbb40bd4aa2644572e90de539733c7

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_armel.deb
    Size/MD5 checksum:    62376 6c47db082b725923eaa4b54b0ea3e090
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_armel.deb
    Size/MD5 checksum:   458818 9339249185118e58f3575e43d0da862f

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_hppa.deb
    Size/MD5 checksum:   485606 005701aa3a2f141f996d1cc6c69154a8
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_hppa.deb
    Size/MD5 checksum:    63698 a28856e22f368954f6a61de73815b204

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_i386.deb
    Size/MD5 checksum:   432098 b237d149bc205c7d644cf0b891cbae4e
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_i386.deb
    Size/MD5 checksum:    60078 2a661bfaf8dd05ec49c39b27fe44a5d2

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_ia64.deb
    Size/MD5 checksum:    76208 aba226d105228a2be266a2eb9aa97aeb
  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_ia64.deb
    Size/MD5 checksum:   707612 1d676bd6a79da49a32f28b756c074c8d

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_mips.deb
    Size/MD5 checksum:   488812 8c95d2d99443cffd777a9ec175fda92d
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_mips.deb
    Size/MD5 checksum:    64026 3401aa68f558315d3fa4a397444ae375

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_mipsel.deb
    Size/MD5 checksum:   500628 c78913c3cb8b36474f7bb884facf2caa
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_mipsel.deb
    Size/MD5 checksum:    64614 96a808c0dcd3f0189ac5b12bc35b1616

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_powerpc.deb
    Size/MD5 checksum:   490410 ed37bad3d4586ca982f1884ebecca859
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_powerpc.deb
    Size/MD5 checksum:    65298 bb30faf8ab938a762e3e6eef61dd5be1

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_s390.deb
    Size/MD5 checksum:   473862 d4cdb4b995504b0037b41bffee80f6da
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_s390.deb
    Size/MD5 checksum:    63476 b6f43878943e279469da4e4b5f9841a9

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_sparc.deb
    Size/MD5 checksum:   440966 94363f0f4b0a3681601553e70f3549e5
  http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_sparc.deb
    Size/MD5 checksum:    60640 dcfd2724e17a9ed85620d0153eb55eac


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: 
ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJKEroGAAoJECIIoQCMVaAchDEH/2Pqj8ygk5rtBnKgNmSe8Nln
H270HC1OHsrRBC+Rkbz/ua991+ycEbGHcRzUVRgpp94QbqESMI/nfFN2drLyabwu
jAP8G9wvdPtTAorKPjkXBUWfV84tQ8zVO9/R/dxgUN3xHnVNnFX5rg/JElkA1lfS
VVjk8p/YG6wvVEd3nUshdH5yG1GKZMzIK1NXupViKFv8Xz/Pfx2oLFWm4cH6Jdmy
h+c53C8fSLLtDL1j2ADBWwEfZfun8p3K0jwqNT83B+gIH4jYgzpmB2cU7C4ljlE+
h89SreSes1jOg+OZz4UjPQJ2tFtETEGWCVhwq2hqWOhx5AEB+DBW9qWKtLtqqKw=
=jvWf
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKE03vNVH5XJJInbgRAujeAJ99He71+LW2yqf3L7crgsur01UbpACeKIWY
8eJ8vnHphOuXrnZHJwgjAk8=
=Dl9g
-----END PGP SIGNATURE-----