ntp is vulnerable to arbitrary code execution. Multiple buffer overflows in the ctl_put*
functions allow remote authenticated attackers to potentially execute arbitrary code on the host OS via a long variable.
CPE | Name | Operator | Version |
---|---|---|---|
ntp:xenial | eq | 1:4.2.8p4+dfsg-3ubuntu5 | |
ntp:trusty | eq | 1:4.2.6.p5+dfsg-3ubuntu2 |
support.ntp.org/bin/view/Main/NtpBug3379
support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
www.securityfocus.com/bid/97051
www.securitytracker.com/id/1038123
cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
support.apple.com/HT208144
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us