Описание
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash.
Меры по смягчению последствий
Properly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ntp | Will not fix | ||
| Red Hat Enterprise Linux 6 | ntp | Fixed | RHSA-2017:3071 | 26.10.2017 |
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2018:0855 | 10.04.2018 |
Показывать по
Дополнительная информация
Статус:
6.4 Medium
CVSS3
Связанные уязвимости
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) re ...
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
Уязвимость драйвера Datum Programmable Time Server (DPTS) refclock реализации протокола синхронизации времени NTP, позволяющая нарушителю вызвать отказ в работе демона ntpd с помощью созданного устройства /dev/datum
6.4 Medium
CVSS3