Wind River Support Network

HomeDefectsLIN7-9550
Fixed

LIN7-9550 : Security Advisory - ntp - CVE-2018-7182

Created: Feb 27, 2018    Updated: Sep 13, 2018
Resolved Date: Apr 25, 2018
Found In Version: 7.0.0.27
Fix Version: 7.0.0.29
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause ctl_getitem() to read past the end of its buffer. displayed. This is a problem in affected versions of ntpq if a maliciously-altered ntpd returns an array result that will trip this bug, or if a bad actor is able to read an ntpq request on its way to a remote ntpd server and forge and send a response before the remote ntpd sends its response. It's potentially possible that the malicious data could become injectable/executable code. 

https://nvd.nist.gov/vuln/detail/CVE-2018-7182    

Other Downloads


CVEs


Live chat
Online