Out-of-bounds write in NTPsec - CVE-2019-6442
Published: January 24, 2019 / Updated: June 17, 2021
Vulnerability identifier: #VU17181
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2019-6442
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: The NTPsec project
Affected software:
NTPsec
NTPsec
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to the affected software allows one byte to be written out of bounds in the ntpd daemon, related to the config_remotely function in the ntp_config.c source code file, the yyparse function in the ntp_parser.tab.c source code file, and the yyerror function in the ntp_parser.y source code file. A remote attacker can send a configuration request that submits malicious input, trigger ou-of-bounds write and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to the affected software allows one byte to be written out of bounds in the ntpd daemon, related to the config_remotely function in the ntp_config.c source code file, the yyparse function in the ntp_parser.tab.c source code file, and the yyerror function in the ntp_parser.y source code file. A remote attacker can send a configuration request that submits malicious input, trigger ou-of-bounds write and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2019-6442
Update to version 1.1.3.