Lucene search

K

[email protected]CVE-2017-6458

HistoryMar 27, 2017 - 5:59 p.m.

CVE-2017-6458

2017-03-2717:59:00

CWE-119

[email protected]

web.nvd.nist.gov

84

7

cve-2017-6458

ntp

buffer overflow

remote authentication

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

CPENameOperatorVersion
ntp:ntpntpeq4.2.8
ntp:ntpntplt4.3.94
hpe:hpux-ntphpe hpux-ntpltc.4.2.8.4.0
apple:mac_os_xapple mac os xlt10.13
siemens:simatic_net_cp_443-1_opc_ua_firmwaresiemens simatic net cp 443-1 opc ua firmwareeq*

References

packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html

seclists.org/fulldisclosure/2017/Nov/7

seclists.org/fulldisclosure/2017/Sep/62

support.ntp.org/bin/view/Main/NtpBug3379

support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded

www.securityfocus.com/bid/97051

www.securitytracker.com/id/1038123

www.ubuntu.com/usn/USN-3349-1

bto.bluecoat.com/security-advisory/sa147

cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/

support.apple.com/HT208144

support.apple.com/kb/HT208144

support.f5.com/csp/article/K99254031

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

us-cert.cisa.gov/ics/advisories/icsa-21-159-11

www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/

Social References

More

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

Related for CVE-2017-6458

prion1 f51 nessus18 redhatcve1 veracode1 ubuntucve1 debiancve1 aix1 openvas10 amazon1 fedora3 mageia1 ibm3 slackware1 symantec1 ics1 cloudfoundry1 ubuntu1 apple2