FreeBSD3C0237F5-420E-11E7-82C5-14DAE9D210B8FreeBSD -- Multiple vulnerabilities of ntp
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.089 Low
EPSS
Percentile
94.5%
Problem Description:
A vulnerability was discovered in the NTP serverโs parsing
of configuration directives. [CVE-2017-6464]
A vulnerability was found in NTP, in the parsing of
packets from the DPTS Clock. [CVE-2017-6462]
A vulnerability was discovered in the NTP serverโs parsing
of configuration directives. [CVE-2017-6463]
A vulnerability was found in NTP, affecting the origin
timestamp check function. [CVE-2016-9042]
Impact:
A remote, authenticated attacker could cause ntpd to
crash by sending a crafted message. [CVE-2017-6463,
CVE-2017-6464]
A malicious device could send crafted messages, causing
ntpd to crash. [CVE-2017-6462]
An attacker able to spoof messages from all of the
configured peers could send crafted packets to ntpd, causing
later replies from those peers to be discarded, resulting
in denial of service. [CVE-2016-9042]
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.089 Low
EPSS
Percentile
94.5%