Risk | High |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2019-6442 CVE-2019-6443 CVE-2019-6444 CVE-2019-6445 |
CWE-ID | CWE-787 CWE-125 CWE-476 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
Vulnerable software Subscribe |
Opensuse Operating systems & Components / Operating system |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU17181
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-6442
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to the affected software allows one byte to be written out of bounds in the ntpd daemon, related to the config_remotely function in the ntp_config.c source code file, the yyparse function in the ntp_parser.tab.c source code file, and the yyerror function in the ntp_parser.y source code file. A remote attacker can send a configuration request that submits malicious input, trigger ou-of-bounds write and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
Opensuse: 15.0
External linkshttp://lists.opensuse.org/opensuse-security-announce/2019-01/msg00030.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU17182
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-6443
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a bug in ctl_getitem. A remote attacker can trigger a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd and perform a denial of service attack.
MitigationUpdate the affected packages.
Opensuse: 15.0
External linkshttp://lists.opensuse.org/opensuse-security-announce/2019-01/msg00030.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU17183
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-6444
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to attacker-controlled data is dereferenced by ntohl() in ntpd. A remote attacker can trigger stack-based buffer over-read in process_control() in ntp_control.c perform a denial of service attack.
MitigationUpdate the affected packages.
Opensuse: 15.0
External linkshttp://lists.opensuse.org/opensuse-security-announce/2019-01/msg00030.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU17184
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-6445
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote authenticated attacker can trigger NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem. A remote attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
Opensuse: 15.0
External linkshttp://lists.opensuse.org/opensuse-security-announce/2019-01/msg00030.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.