CVE-2017-6458

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-6458
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html
http://seclists.org/fulldisclosure/2017/Nov/7
http://seclists.org/fulldisclosure/2017/Sep/62
http://support.ntp.org/bin/view/Main/NtpBug3379 Patch Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu Vendor Advisory
http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded
http://www.securityfocus.com/bid/97051 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038123 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-3349-1
https://bto.bluecoat.com/security-advisory/sa147
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/
https://support.apple.com/HT208144 Third Party Advisory
https://support.apple.com/kb/HT208144
https://support.f5.com/csp/article/K99254031
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*
History

07 Nov 2023, 02:49

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/', 'name': 'FEDORA-2017-72323a442f', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/', 'name': 'FEDORA-2017-5ebac1c112', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/', 'name': 'FEDORA-2017-20d54b2782', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/ -
Information

Published : 2017-03-27 17:59

Updated : 2024-02-28 15:44

NVD link : CVE-2017-6458

Mitre link : CVE-2017-6458

CVE.ORG link : CVE-2017-6458

JSON object : View

Products Affected

apple

  • mac_os_x

hpe

  • hpux-ntp

ntp

  • ntp

siemens

  • simatic_net_cp_443-1_opc_ua
  • simatic_net_cp_443-1_opc_ua_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024