Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 12.04 | |
ubuntu_linux | eq | 16.04 | |
ubuntu_linux | eq | 14.04 | |
ubuntu_linux | eq | 17.10 | |
ubuntu_linux | eq | 18.04 | |
freebsd | eq | 10.3 | |
freebsd | eq | 11.1 | |
freebsd | eq | 10.4 | |
ntp | eq | 4.2.8 p9 | |
ntp | eq | 4.2.8 p7 |
support.ntp.org/bin/view/Main/NtpBug3414
support.ntp.org/bin/view/Main/SecurityNotice
www.securityfocus.com/bid/103351
security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
security.gentoo.org/glsa/201805-12
security.netapp.com/advisory/ntap-20180626-0001/
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
usn.ubuntu.com/3707-1/
usn.ubuntu.com/3707-2/
www.oracle.com//security-alerts/cpujul2021.html
www.synology.com/support/security/Synology_SA_18_13