PT-2017-17074 · Ntf+3 · Ntp+3

Publicado

2017-03-27

Atualizado

2024-06-15

CVE-2017-6451

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.8p10 NTP versions 4.3.x prior to 4.3.94

Description The issue allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write due to the mx4200 send function not properly handling the return value of the snprintf function. Additionally, a remote authenticated attacker could exploit this to cause the application to crash using a malformed mode configuration directive.

Recommendations For NTP versions prior to 4.2.8p10, update to version 4.2.8p10 or later. For NTP versions 4.3.x prior to 4.3.94, update to version 4.3.94 or later.

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2017-2335

CVE-2017-6451

MGASA-2017-0134

OPENSUSE-SU-2024:11102-1

SUSE-SU-2017:1047-1

SUSE-SU-2017:1048-1

SUSE-SU-2017:1052-1

Produtos afetados

Alt Linux

Ibm Aix

Ntp

Suse

PT-2017-17074 · Ntf+3 · Ntp+3

CVE-2017-6451

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 41