
NTP Bug 3388

NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low)

  • Date Resolved: 21 Mar 2017
  • References: Sec 3388 / CVE-2017-6462 / VU#325339
  • Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94.
  • CVSS2: Low 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P)
  • CVSS3: Low 1.6 (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)
  • Summary: The legacy Datum Programmable Time Server refclock driver contains a potential buffer overflow. The driver reads packets from the /dev/datum device and processes them in datum_pts_receive(). Because an attacker would have to control a malicious /dev/datum device, this does not appear to be a practical attack, so the issue is rated “Low” in severity.
  • Mitigation:
  • Credit: This weakness was discovered by Cure53.
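
A generic sketch of the bug class described in the summary, added here as an illustration and not taken from the ntpd source: bytes read from a device are accumulated into a fixed-size buffer, first without and then with a length check. The struct, the function names and the 7-byte frame size are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>
#define FRAME_LEN 7  /* constructed frame size, chosen for this sketch */

struct unit {                       /* hypothetical per-device state */
    unsigned char retbuf[FRAME_LEN];
    size_t nbytes;                  /* bytes accumulated so far */
};

/* Unsafe pattern: the length reported for the read is trusted, so a device
 * that returns more than the remaining space writes past retbuf. */
int accumulate_unchecked(struct unit *u, const unsigned char *src, size_t len)
{
    memcpy(u->retbuf + u->nbytes, src, len);
    u->nbytes += len;
    return u->nbytes == FRAME_LEN;
}

/* Hardened pattern: 1 = frame complete, 0 = need more bytes,
 * -1 = chunk rejected and partial frame discarded. */
int accumulate_checked(struct unit *u, const unsigned char *src, size_t len)
{
    if (u->nbytes > sizeof u->retbuf || len > sizeof u->retbuf - u->nbytes) {
        u->nbytes = 0;              /* resynchronise on the next read */
        return -1;
    }
    memcpy(u->retbuf + u->nbytes, src, len);
    u->nbytes += len;
    if (u->nbytes < sizeof u->retbuf)
        return 0;
    u->nbytes = 0;                  /* caller consumes retbuf now */
    return 1;
}

/* Constructed inputs: a frame split 3+4 bytes, then an oversized read. */
int demo_split_frame(void)
{
    struct unit u = { {0}, 0 };
    const unsigned char a[3] = {1, 2, 3}, b[4] = {4, 5, 6, 7};
    return accumulate_checked(&u, a, sizeof a) == 0 &&
           accumulate_checked(&u, b, sizeof b) == 1 && u.retbuf[6] == 7;
}

int demo_oversized_read(void)
{
    struct unit u = { {0}, 5 };     /* 5 bytes already buffered */
    const unsigned char big[64] = {0};
    return accumulate_checked(&u, big, sizeof big) == -1 && u.nbytes == 0;
}
```

The check subtracts from the buffer size instead of adding `nbytes + len`, so it cannot wrap around for very large reported lengths.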


Topic revision: r1 - 2017-03-22 - 01:31:20 - HarlanStenn
 