vulnerability
NTP: Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-6460)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Mar 27, 2017 | Feb 23, 2023 | Mar 1, 2023 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Mar 27, 2017
Added
Feb 23, 2023
Modified
Mar 1, 2023
Description
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
Solution
ntp-upgrade-latest
References
- BID-97052
- CVE-2017-6460
- https://attackerkb.com/topics/CVE-2017-6460
- URL-http://support.ntp.org/bin/view/Main/NtpBug3377
- URL-http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
- URL-http://www.securityfocus.com/bid/97052
- URL-http://www.securitytracker.com/id/1038123
- URL-https://security.paloaltonetworks.com/CVE-2017-6460
- URL-https://support.apple.com/HT208144
- URL-https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.