Wind River Support Network

HomeDefectsLIN9-6480
Fixed

LIN9-6480 : Security Advisory - ntp - CVE-2018-7182

Created: Feb 27, 2018    Updated: Dec 3, 2018
Resolved Date: May 6, 2018
Found In Version: 9.0.0.14
Fix Version: 9.0.0.16
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause ctl_getitem() to read past the end of its buffer. displayed. This is a problem in affected versions of ntpq if a maliciously-altered ntpd returns an array result that will trip this bug, or if a bad actor is able to read an ntpq request on its way to a remote ntpd server and forge and send a response before the remote ntpd sends its response. It's potentially possible that the malicious data could become injectable/executable code. 

https://nvd.nist.gov/vuln/detail/CVE-2018-7182    

Other Downloads


CVEs


Live chat
Online