CVE-2018-12327 log
Source |
|
Severity | Medium |
Remote | No |
Type | Arbitrary code execution |
Description | Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-723 | ntp | 4.2.8.p11-2 | 4.2.8.p12-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
01 Oct 2018 | ASA-201810-2 | AVG-723 | ntp | Medium | arbitrary code execution |
References |
---|
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5b3ba863G-42Ac2TFzCy-PZ8vqNfVA |
Notes |
---|
NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. Reproducer: /usr/bin/ntpdc -4 \[`python2 -c 'print "A" * 300'`\] Note that ntpdc aborts due to stack smashing being detected. |