Home CVE Database CVE-2016-2519

CVE-2016-2519

Description

ntpq and ntpdc can be used to store and retrieve information in ntpd. It is possible to store a data value that is larger than the size of the buffer that the ctl_getitem() function of ntpd uses to zreport the return value. If the length of the requested data value returned by ctl_getitem() is too large, the value NULL is returned instead. There are 2 cases where the return value from ctl_getitem() was not directly checked to make sure it\'s not NULL, but there are subsequent INSIST() checks that make sure the return value is not NULL. There are no data values ordinarily stored in ntpd that would exceed this buffer length. But if one has permission to store values and one stores a value that is \"too large\", then ntpd will abort if an attempt is made to read that oversized value.

Priority: MEDIUM
CVSS v3: 5.9
Publish Date: Jun 12, 2016
Related ID: --
CVSS v2: Medium
Modified Date: Jun 12, 2016

Find out more about CVE-2016-2519 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

ntp

Live chat
Online