Описание
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ntp | fixed | 1:4.2.8p11+dfsg-1 | package | |
| ntp | postponed | stretch | package | |
| ntp | postponed | jessie | package | |
| ntp | not-affected | wheezy | package | |
| ntpsec | fixed | 1.0.0+dfsg1-5 | package |
Примечания
http://www.kb.cert.org/vuls/id/961909
http://support.ntp.org/bin/view/Main/NtpBug3412
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
Fixed by (ntpsec): https://gitlab.com/NTPsec/ntpsec/commit/6d6aa6da0fe685011f5a9633c3618409af8349d7
https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html
Связанные уязвимости
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Уязвимость метода ctl_getitem программы-демона ntpd реализации протокола синхронизации времени NTP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании