Vuln: NTP CVE-2017-6462 Local Buffer Overflow Vulnerability

Bugtraq ID: 97045
Class: Boundary Condition Error
CVE: CVE-2017-6462

Remote: No
Local: Yes
Published: Mar 21 2017 12:00AM
Credit: the NTP project
Vulnerable: Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5
NTP NTP 4.3.90
NTP NTP 4.3.25
NTP NTP 4.3
NTP NTP 4.2.8
NTP NTP 4.2.6
NTP NTP 4.2.5 p74
NTP NTP 4.2.5 p153
NTP NTP 4.2.5 p150
NTP NTP 4.2.4 p8
NTP NTP 4.2.4 p7-RC2
NTP NTP 4.2.4 p7
NTP NTP 4.2.4 p6
NTP NTP 4.2.4 p5
NTP NTP 4.2.4 p4
NTP NTP 4.2.2 p4
NTP NTP 4.2.2 p1
NTP NTP 4.3.93
NTP NTP 4.3.92
NTP NTP 4.3.77
NTP NTP 4.3.70
NTP NTP 4.2.8p9
NTP NTP 4.2.8p8
NTP NTP 4.2.8p7
NTP NTP 4.2.8p6
NTP NTP 4.2.8p5
NTP NTP 4.2.8p4
NTP NTP 4.2.8p3
NTP NTP 4.2.8p2
NTP NTP 4.2.8p1
NTP NTP 4.2.7p385
NTP NTP 4.2.7p366
NTP NTP 4.2.7p22
NTP NTP 4.2.7p111
NTP NTP 4.2.7p11
NTP NTP 4.2.5p3
NTP NTP 4.2.5p203
NTP NTP 4.2.5p186
NTP NTP 4.2.0.a


Not Vulnerable: NTP NTP 4.3.94
NTP NTP 4.2.8p10


Discussion



NTP is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.

Exploit



Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References


Related Posts