Fedora 26 update for ntp
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451 CVE-2017-6460 CVE-2016-9042 |
| CWE-ID | CWE-20 CWE-120 CWE-16 CWE-787 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system ntp Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Denial of service
EUVDB-ID: #VU7390
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-6464
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists due to improper input validation. A remote attacker can use malformed mode configuration directive to trigger memory corruption and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 26
ntp: before 4.2.8p10-1.fc26
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU7389
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6462
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition.
The weakness exists due to buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP. A remote attacker can send specially crafted packets, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 26
ntp: before 4.2.8p10-1.fc26
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Configuration error
EUVDB-ID: #VU12125
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2017-6463
CWE-ID:
CWE-16 - Configuration
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the unpeer option due to the NTP server's parsing of configuration directives. A remote attacker can submit a specially crafted message and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 26
ntp: before 4.2.8p10-1.fc26
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU7386
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6458
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists due to multiple buffer overflows in the ctl_put() functions in NTP. A remote attacker can an overly long string argument, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 26
ntp: before 4.2.8p10-1.fc26
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU7385
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6451
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to improper handling of the return value of the snprintf function by the mx4200_send function in the legacy MX4200 refclock in NTP. A local attacker can trigger out-of-bounds memory write and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 26
ntp: before 4.2.8p10-1.fc26
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stack-based buffer overflow
EUVDB-ID: #VU12771
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6460
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the reslist() function in ntpq due to stack-based buffer overflow triggered by a malicious ntpd server when ntpq requests the restriction list from the server. A remote attacker can trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 26
ntp: before 4.2.8p10-1.fc26
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU37084
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-9042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 26
ntp: before 4.2.8p10-1.fc26
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-20d54b2782
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
