Published: 27/03/2017 Updated: 24/10/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Stack-based buffer overflow in the reslist function in ntpq in NTP prior to 4.2.8p10 and 4.3.x prior to 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ntp ntp 4.3.13
ntp ntp 4.3.14
ntp ntp 4.3.11
ntp ntp 4.3.12
ntp ntp 4.3.19
ntp ntp 4.3.2
ntp ntp 4.3.26
ntp ntp 4.3.20
ntp ntp 4.3.21
ntp ntp 4.3.29
ntp ntp 4.3.3
ntp ntp 4.3.36
ntp ntp 4.3.37
ntp ntp 4.3.43
ntp ntp 4.3.44
ntp ntp 4.3.51
ntp ntp 4.3.52
ntp ntp 4.3.59
ntp ntp 4.3.6
ntp ntp 4.3.66
ntp ntp 4.3.67
ntp ntp 4.3.74
ntp ntp 4.3.75
ntp ntp 4.3.81
ntp ntp 4.3.82
ntp ntp 4.3.89
ntp ntp 4.3.9
ntp ntp 4.3.90
ntp ntp 4.3.0
ntp ntp 4.3.15
ntp ntp 4.3.16
ntp ntp 4.3.22
ntp ntp 4.3.23
ntp ntp 4.3.30
ntp ntp 4.3.31
ntp ntp 4.3.38
ntp ntp 4.3.39
ntp ntp 4.3.45
ntp ntp 4.3.46
ntp ntp 4.3.53
ntp ntp 4.3.54
ntp ntp 4.3.60
ntp ntp 4.3.61
ntp ntp 4.3.68
ntp ntp 4.3.69
ntp ntp 4.3.7
ntp ntp 4.3.76
ntp ntp 4.3.77
ntp ntp 4.3.83
ntp ntp 4.3.84
ntp ntp 4.3.91
ntp ntp 4.3.92
ntp ntp 4.3.27
ntp ntp 4.3.28
ntp ntp 4.3.34
ntp ntp 4.3.35
ntp ntp 4.3.41
ntp ntp 4.3.42
ntp ntp 4.3.5
ntp ntp 4.3.50
ntp ntp 4.3.57
ntp ntp 4.3.58
ntp ntp 4.3.64
ntp ntp 4.3.65
ntp ntp 4.3.72
ntp ntp 4.3.73
ntp ntp 4.3.8
ntp ntp 4.3.80
ntp ntp 4.3.87
ntp ntp 4.3.88
ntp ntp 4.3.1
ntp ntp 4.3.10
ntp ntp 4.3.17
ntp ntp 4.3.18
ntp ntp 4.3.24
ntp ntp 4.3.25
ntp ntp 4.3.32
ntp ntp 4.3.33
ntp ntp 4.3.4
ntp ntp 4.3.40
ntp ntp 4.3.47
ntp ntp 4.3.48
ntp ntp 4.3.49
ntp ntp 4.3.55
ntp ntp 4.3.56
ntp ntp 4.3.62
ntp ntp 4.3.63
ntp ntp 4.3.70
ntp ntp 4.3.71
ntp ntp 4.3.78
ntp ntp 4.3.79
ntp ntp 4.3.85
ntp ntp 4.3.86
ntp ntp 4.3.93
ntp ntp 4.2.8

Several security issues were fixed in NTP ...

CWE-119 http://www.securitytracker.com/id/1038123 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://support.ntp.org/bin/view/Main/NtpBug3377 http://www.securityfocus.com/bid/97052 https://support.apple.com/HT208144 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us https://security.paloaltonetworks.com/CVE-2017-6460 https://nvd.nist.gov https://usn.ubuntu.com/3349-1/

Get Started

CVE-2017-6460

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect