Privilege escalation in Network Time Protocol

Published: 2018-08-17
Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2018-12327
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Network Time Protocol
Server applications / Other server solutions


Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU14448

Risk: Low


CVE-ID: CVE-2018-12327

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to stack-based buffer overflow in the Network Time Protocol Query (ntpq) program and Network Time Protocol daemon (ntpd) when handling malicious input. A local attacker can submit a long string argument for an IPv4 or IPv6 command-line parameter, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Network Time Protocol: 4.2.0a - 4.2.8p11

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?