Main Vulnerability Database Vulnerabilities #VU39360

Buffer overflow in ntp - CVE-2017-6459

Published: March 27, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39360

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-6459

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: ntp.org

Affected software:
ntp

Detailed vulnerability description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.

How to mitigate CVE-2017-6459

Install update from vendor's website.

Sources

http://support.ntp.org/bin/view/Main/NtpBug3382
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
http://www.securityfocus.com/bid/97076
http://www.securitytracker.com/id/1038123
https://support.apple.com/HT208144

Buffer overflow in ntp - CVE-2017-6459

Detailed vulnerability description

How to mitigate CVE-2017-6459

Sources

Please verify you're human