Описание
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ntp | fixed | 1:4.2.8p4+dfsg-1 | package | |
| ntp | not-affected | jessie | package | |
| ntp | not-affected | wheezy | package | |
| ntp | not-affected | squeeze | package |
Примечания
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
https://github.com/ntp-project/ntp/commit/8482b536f9494a5d45196ab5b7e13040f5940261
EPSS
Связанные уязвимости
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Уязвимость параметра datalen драйвера refclock протокола сетевого времени NTP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS