CVE-2018-12327

CVE Details

Release Date:2018-06-20
Impact:Low What is this?

Description


Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

See more information about CVE-2018-12327 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 9.8
Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (ntp)ELSA-2018-38542018-12-19
Oracle Linux version 7 (ntp)ELSA-2019-20772019-08-13
Oracle VM version 3.3 (ntp)OVMSA-2018-02902018-12-19
Oracle VM version 3.4 (ntp)OVMSA-2018-02902018-12-19


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete