[--Vulnerability Summary--]
Title: Windows NTP Time Server Syslog Monitor 1.0.000 Denial of Service Vulnerability
Product: Windows NTP Time Server Syslog Monitor 1.0.000
Discovered: November 29, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)
Vendor: TimeTools
Vendor URL: http://www.timetools.co.uk
Player         2.5.x     Linux      not affected
ACE            any       any        not affected
Server         2.x       Windows    not being addressed at this time
Server         2.x       Linux      not affected
Fusion         any       Mac OS/X   not affected
ESXi           any       ESXi       not affected
Problem Description:
Multiple vulnerabilities have been found and corrected in ntp:
Requesting peer information from a malicious remote time server
may lead to an unexpected application termination or arbitrary code
execution (CVE-2009-0159).
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
authentication code. If ntpd was configured to use public key
Problem Description:
A vulnerability has been found and corrected in ntp:
Requesting peer information from a malicious remote time server
may lead to an unexpected application termination or arbitrary code
execution (CVE-2009-0159).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
Workstation    any       any        not affected
Player         any       any        not affected
Server         2.0       any        not being fixed at this time
Server         1.0       any        not affected
ACE            any       any        not affected
Fusion         any       any        not affected
ESXi           any       ESXi       not affected