Wind River Support Network

HomeDefectsLIN9-3622
Fixed

LIN9-3622 : CLONE - Security Advisory - ntp - CVE-2017-6458

Created: Mar 22, 2017    Updated: May 29, 2018
Resolved Date: Apr 10, 2018
Found In Version: 9.0.0.4
Fix Version: 9.0.0.6
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

http://support.ntp.org/bin/view/Main/NtpBug3379

ntpd makes use of different wrappers around ctl_putdata() to create name/value ntpq (mode 6) response strings. For example, ctl_putstr() is usually used to send string data (variable names or string data). The formatting code was missing a length check for variable names. If somebody explicitly created any unusually long variable names in ntpd (longer than 200-512 bytes, depending on the type of variable), then if any of these variables are added to the response list it would overflow a buffer. 

All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94. 

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6458

CVEs


Live chat
Online