News from 2009-05-22
Software: New NTP-Version 4.2.4p7 for Windows - Security Update
Following the release of NTP 4.2.4p7 by the NTP Public Services Project, Meinberg Funkuhren today updated their NTP Installer for Windows NT4 SP6a, Windows 2000, Windows XP, Windows 2003 Server, Windows Vista and Windows 2008 Server and offers it on their NTP Download page.
The new "stable" version of the NTP reference implementation includes fixes for a number of security-relevant bugs:
- [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
Credit for finding this vulnerability goes to Geoff Keating of Apple.
Bug 1144 - [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
Credit for finding this issue goes to Dave Hart.
Bug 1149 - [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
Bug 1151