Main Vulnerability Database Vulnerabilities #VU39360

#VU39360 Buffer overflow in ntp - CVE-2017-6459

Published: March 27, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39360

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-6459

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ntp

Software vendor:
ntp.org

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.

Remediation

Install update from vendor's website.

External links

http://support.ntp.org/bin/view/Main/NtpBug3382
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
http://www.securityfocus.com/bid/97076
http://www.securitytracker.com/id/1038123
https://support.apple.com/HT208144

#VU39360 Buffer overflow in ntp - CVE-2017-6459

Description

Remediation

External links

Please verify you're human