Slackware Linux update for ntp
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2016-9042 CVE-2017-6451 CVE-2017-6452 CVE-2017-6455 CVE-2017-6458 CVE-2017-6459 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 |
| CWE-ID | CWE-20 CWE-787 CWE-121 CWE-94 CWE-120 CWE-119 CWE-16 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Slackware Linux Operating systems & Components / Operating system |
| Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU37084
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
MitigationUpdate the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU7385
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6451
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to improper handling of the return value of the snprintf function by the mx4200_send function in the legacy MX4200 refclock in NTP. A local attacker can trigger out-of-bounds memory write and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU39358
Risk: Medium
CVSSv3.1: 7.1 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-6452
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an application path on the command line. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Code Injection
EUVDB-ID: #VU39359
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6455
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
MitigationUpdate the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU7386
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6458
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists due to multiple buffer overflows in the ctl_put() functions in NTP. A remote attacker can an overly long string argument, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU39360
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6459
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
MitigationUpdate the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based buffer overflow
EUVDB-ID: #VU12771
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6460
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the reslist() function in ntpq due to stack-based buffer overflow triggered by a malicious ntpd server when ntpq requests the restriction list from the server. A remote attacker can trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU7389
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6462
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition.
The weakness exists due to buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP. A remote attacker can send specially crafted packets, trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Configuration error
EUVDB-ID: #VU12125
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6463
CWE-ID:
CWE-16 - Configuration
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the unpeer option due to the NTP server's parsing of configuration directives. A remote attacker can submit a specially crafted message and cause the service to crash.
Update the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Denial of service
EUVDB-ID: #VU7390
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6464
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists due to improper input validation. A remote attacker can use malformed mode configuration directive to trigger memory corruption and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected package ntp.
Vulnerable software versionsSlackware Linux: 13.0 - 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.648848
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
