Wind River Support Network

HomeDefectsLIN6-14331
Fixed

LIN6-14331 : Security Advisory - ntp - CVE-2018-7182

Created: Feb 27, 2018    Updated: Dec 3, 2018
Resolved Date: Jun 7, 2018
Found In Version: 6.0.0.36
Fix Version: 6.0.0.37
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause ctl_getitem() to read past the end of its buffer. displayed. This is a problem in affected versions of ntpq if a maliciously-altered ntpd returns an array result that will trip this bug, or if a bad actor is able to read an ntpq request on its way to a remote ntpd server and forge and send a response before the remote ntpd sends its response. It's potentially possible that the malicious data could become injectable/executable code. 

https://nvd.nist.gov/vuln/detail/CVE-2018-7182    

Other Downloads


Live chat
Online