7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.966 High
EPSS
Percentile
99.6%
CERT reports:
The Network Time Protocol (NTP) provides networked
systems with a way to synchronize time for various
services and applications. ntpd version 4.2.7 and
previous versions allow attackers to overflow several
buffers in a way that may allow malicious code to
be executed. ntp-keygen prior to version 4.2.7p230
also uses a non-cryptographic random number generator
when generating symmetric keys.
The buffer overflow vulnerabilities in ntpd may
allow a remote unauthenticated attacker to execute
arbitrary malicious code with the privilege level
of the ntpd process. The weak default key and
non-cryptographic random number generator in
ntp-keygen may allow an attacker to gain
information regarding the integrity checking
and authentication encryption schemes.