9.8

CVE-2018-12327

Exploit
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version4.2.8 Updatep11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.04% 0.979
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
http://www.securityfocus.com/bid/104517
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:3853
https://access.redhat.com/errata/RHSA-2018:3854
https://access.redhat.com/errata/RHSA-2019:2077
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
Third Party Advisory
Exploit
https://security.gentoo.org/glsa/201903-15
https://usn.ubuntu.com/4229-1/
https://www.exploit-db.com/exploits/44909/
Third Party Advisory
Exploit
VDB Entry