Cisco Bug: CSCsz81226 - Update NTPd version in Meeting Place
Aug 06, 2018
- Cisco Unified MeetingPlace
Known Affected Releases
5.3(1.15) 5.4(19) 6.0(1.12)
Symptom: Upgrade version of NTPd used within this product. Conditions: Upgrade version of NTPd to ensure fixes for: CVE-2009-0159 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. CVE-2009-1252 An insecure "sprintf()" call in the "crypto_recv()" [ntpd/ntp_crypto.c] function when ntpd was compiled with OpenSSL support and is configured to use Autokey (enabled via a "crypto pw password" line in the ntp.conf file), could be exploited by attackers to crash an affected daemon or execute arbitrary code via a malicious packet.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases