1
NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
3
Focus: Security and Bug Fixes
7
This release fixes the following high-severity vulnerability:
9
* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
11
See http://support.ntp.org/security for more information.
13
If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
14
line) then a carefully crafted packet sent to the machine will cause
15
a buffer overflow and possible execution of injected code, running
16
with the privileges of the ntpd process (often root).
18
Credit for finding this vulnerability goes to Chris Ries of CMU.
20
This release fixes the following low-severity vulnerabilities:
22
* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
23
Credit for finding this vulnerability goes to Geoff Keating of Apple.
25
* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
26
Credit for finding this issue goes to Dave Hart.
28
This release fixes a number of bugs and adds some improvements:
31
* Fix many compiler warnings
32
* Many fixes and improvements for Windows
33
* Adds support for AIX 6.1
34
* Resolves some issues under MacOS X and Solaris
36
THIS IS A STRONGLY RECOMMENDED UPGRADE.
1
39
NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)