Oval Definition:	oval:org.mitre.oval:def:6307
Revision Date: 2015-05-18 Version: 27 Title: HP-UX Running XNTP, Remote Execution of Arbitrary Code Description: Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-1252 Platform(s): HP-UX 11 Product(s): Definition Synopsis Criteria meets HP Security Bulletin HPSBUX02437 HP-UX B.11.23 AND InternetSrvcs.INETSVCS2-BOOT is installed AND NOT Patch PHNE_39872 is installed OR Criteria meets HP Security Bulletin HPSBUX02437 HP-UX B.11.11 AND InternetSrvcs.INETSVCS-BOOT is installed AND NOT Patch PHNE_39871 is installed OR Criteria meets HP Security Bulletin HPSBUX02437 HP-UX B.11.31 AND NTP.NTP-RUN is installed AND NOT Patch PHNE_39873 is installed
BACK