PT-2017-17074 · Ntf+3 · Ntp+3

Published

2017-03-27

Updated

2024-06-15

CVE-2017-6451

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.8p10 NTP versions 4.3.x prior to 4.3.94

Description The issue allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write due to the mx4200 send function not properly handling the return value of the snprintf function. Additionally, a remote authenticated attacker could exploit this to cause the application to crash using a malformed mode configuration directive.

Recommendations For NTP versions prior to 4.2.8p10, update to version 4.2.8p10 or later. For NTP versions 4.3.x prior to 4.3.94, update to version 4.3.94 or later.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2017-2335

CVE-2017-6451

MGASA-2017-0134

OPENSUSE-SU-2024:11102-1

SUSE-SU-2017:1047-1

SUSE-SU-2017:1048-1

SUSE-SU-2017:1052-1

Affected Products

Alt Linux

Ibm Aix

Ntp

Suse

PT-2017-17074 · Ntf+3 · Ntp+3

CVE-2017-6451

Weakness Enumeration

Related Identifiers

Affected Products

References · 41