USN-4229-1: NTP vulnerability

🗓️ 09 Jan 2020 18:44:14Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 76 Views

NTP daemon vulnerability in Ubuntu releases for ntpq and ntpdc program

Reporter	Title	Published	Views	Family All 145
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170)	14 Dec 201818:25	–	ibm
0day.today	ntp 4.2.8p11 - Local Buffer Overflow (PoC) Vulnerability	20 Jun 201800:00	–	zdt
Tenable Nessus	Amazon Linux 2 : ntp (ALAS-2019-1367)	25 Nov 201900:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ntp (ALAS-2018-1083)	20 Sep 201800:00	–	nessus
Tenable Nessus	CentOS 6 : ntp (CESA-2018:3854)	20 Dec 201800:00	–	nessus
Tenable Nessus	CentOS 7 : ntp (CESA-2019:2077)	30 Aug 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-1014)	8 Jan 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-1037)	15 Feb 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1053)	22 Feb 201900:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	12.04	any	ntp	1:4.2.6.p3+dfsg-1ubuntu3.13	ntp_1:4.2.6.p3+dfsg-1ubuntu3.13_any.deb
Ubuntu	14.04	any	ntp	1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1	ntp_1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1_any.deb
Ubuntu	16.04	any	ntp	1:4.2.8p4+dfsg-3ubuntu5.10	ntp_1:4.2.8p4+dfsg-3ubuntu5.10_any.deb
Ubuntu	14.04	any	ntp-doc	1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1	ntp-doc_1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1_any.deb
Ubuntu	14.04	any	ntpdate	1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1	ntpdate_1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1_any.deb

09 Jan 2020 18:44Current

7.2High risk

Vulners AI Score7.2

CVSS 27.5

CVSS 39.8

EPSS0.15968

ntp daemon ubuntu 16.04 ubuntu 14.04 ubuntu 12.04 network time protocol privilege escalation arbitrary code vulnerability