8.8

CVE-2017-6458

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version < 4.2.8
NtpNtp Version >= 4.3.0 < 4.3.94
NtpNtp Version4.2.8 Update-
NtpNtp Version4.2.8 Updatep1
NtpNtp Version4.2.8 Updatep1-beta1
NtpNtp Version4.2.8 Updatep1-beta2
NtpNtp Version4.2.8 Updatep1-beta3
NtpNtp Version4.2.8 Updatep1-beta4
NtpNtp Version4.2.8 Updatep1-beta5
NtpNtp Version4.2.8 Updatep1-rc1
NtpNtp Version4.2.8 Updatep1-rc2
NtpNtp Version4.2.8 Updatep2
NtpNtp Version4.2.8 Updatep2-rc1
NtpNtp Version4.2.8 Updatep2-rc2
NtpNtp Version4.2.8 Updatep2-rc3
NtpNtp Version4.2.8 Updatep3
NtpNtp Version4.2.8 Updatep3-rc1
NtpNtp Version4.2.8 Updatep3-rc2
NtpNtp Version4.2.8 Updatep3-rc3
NtpNtp Version4.2.8 Updatep4
NtpNtp Version4.2.8 Updatep5
NtpNtp Version4.2.8 Updatep6
NtpNtp Version4.2.8 Updatep7
NtpNtp Version4.2.8 Updatep8
NtpNtp Version4.2.8 Updatep9
HpeHpux-ntp Version < c.4.2.8.4.0
ApplemacOS X Version >= 10.8.0 < 10.13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.52% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
Third Party Advisory
https://support.apple.com/HT208144
Third Party Advisory
http://www.ubuntu.com/usn/USN-3349-1
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
Vendor Advisory
http://www.securitytracker.com/id/1038123
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
http://seclists.org/fulldisclosure/2017/Nov/7
http://seclists.org/fulldisclosure/2017/Sep/62
http://support.ntp.org/bin/view/Main/NtpBug3379
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
http://www.securityfocus.com/bid/97051
Third Party Advisory
VDB Entry
https://bto.bluecoat.com/security-advisory/sa147
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/
https://support.apple.com/kb/HT208144
https://support.f5.com/csp/article/K99254031
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/