NTP Bug 3412

ctl_getitem(): buffer read overrun leads to undefined behavior and information leak (Info/Medium)

  • Date Resolved: 27 Feb 2018
  • References: Sec 3412 / CVE-2018-7182 / VU#961909
  • Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
  • CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
  • CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 0.0 if C:N
  • Summary: ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause ctl_getitem() to read past the end of its buffer.
  • Mitigation:
  • Credit: This weakness was discovered by Yihan Lian of Qihoo 360.

This topic: Main > SecurityNotice > NtpBug3412
Topic revision: r1 - 2018-02-28 - 00:17:06 - HarlanStenn
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback