#VU10802 Memory corruption in Network Time Protocol
Vulnerability identifier: #VU10802
Vulnerability risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Network Time Protocol
Server applications /
Other server solutions
Vendor: ntp.org
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in the decodearr() function of the ntpq monitoring and control program for ntpd used by the Network Time Protocol due to boundary error while attempting to decode an array in a response string when formatted data is being displayed. A remote attacker who is able to read an ntpq request while the request is being transmitted to a remote ntpd server can forge and send a specially crafted response to the targeted system prior
to the remote ntpd server sending its response, trigger out-of-bounds
write in the decodearr()
function and inject and execute arbitrary code.
Mitigation
Update to version 4.2.8p11.
Vulnerable software versions
Network Time Protocol: 4.2.8p6 - 4.2.8p10
External links
http://www.ntp.org/downloads.html
http://www.freebsd.org/ports/master-index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
