ID CVE-2018-12327
Summary Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
References
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1593580
    title CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment ntp is earlier than 0:4.2.6p5-15.el6_10
            oval oval:com.redhat.rhsa:tst:20183854001
          • comment ntp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024002
        • AND
          • comment ntp-doc is earlier than 0:4.2.6p5-15.el6_10
            oval oval:com.redhat.rhsa:tst:20183854003
          • comment ntp-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024004
        • AND
          • comment ntp-perl is earlier than 0:4.2.6p5-15.el6_10
            oval oval:com.redhat.rhsa:tst:20183854005
          • comment ntp-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024006
        • AND
          • comment ntpdate is earlier than 0:4.2.6p5-15.el6_10
            oval oval:com.redhat.rhsa:tst:20183854007
          • comment ntpdate is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024008
    rhsa
    id RHSA-2018:3854
    released 2018-12-19
    severity Low
    title RHSA-2018:3854: ntp security update (Low)
  • bugzilla
    id 1593580
    title CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment ntp is earlier than 0:4.2.6p5-29.el7
            oval oval:com.redhat.rhsa:tst:20192077001
          • comment ntp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024002
        • AND
          • comment ntp-doc is earlier than 0:4.2.6p5-29.el7
            oval oval:com.redhat.rhsa:tst:20192077003
          • comment ntp-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024004
        • AND
          • comment ntp-perl is earlier than 0:4.2.6p5-29.el7
            oval oval:com.redhat.rhsa:tst:20192077005
          • comment ntp-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024006
        • AND
          • comment ntpdate is earlier than 0:4.2.6p5-29.el7
            oval oval:com.redhat.rhsa:tst:20192077007
          • comment ntpdate is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024008
        • AND
          • comment sntp is earlier than 0:4.2.6p5-29.el7
            oval oval:com.redhat.rhsa:tst:20192077009
          • comment sntp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20142024010
    rhsa
    id RHSA-2019:2077
    released 2019-08-06
    severity Low
    title RHSA-2019:2077: ntp security, bug fix, and enhancement update (Low)
  • rhsa
    id RHSA-2018:3853
rpms
  • ntp-0:4.2.6p5-5.el6_7.6
  • ntp-debuginfo-0:4.2.6p5-5.el6_7.6
  • ntp-doc-0:4.2.6p5-5.el6_7.6
  • ntp-perl-0:4.2.6p5-5.el6_7.6
  • ntpdate-0:4.2.6p5-5.el6_7.6
  • ntp-0:4.2.6p5-15.el6_10
  • ntp-debuginfo-0:4.2.6p5-15.el6_10
  • ntp-doc-0:4.2.6p5-15.el6_10
  • ntp-perl-0:4.2.6p5-15.el6_10
  • ntpdate-0:4.2.6p5-15.el6_10
  • ntp-0:4.2.6p5-29.el7
  • ntp-debuginfo-0:4.2.6p5-29.el7
  • ntp-doc-0:4.2.6p5-29.el7
  • ntp-perl-0:4.2.6p5-29.el7
  • ntpdate-0:4.2.6p5-29.el7
  • sntp-0:4.2.6p5-29.el7
  • ntp-0:4.2.6p5-28.el7_6.1
  • ntp-debuginfo-0:4.2.6p5-28.el7_6.1
  • ntp-doc-0:4.2.6p5-28.el7_6.1
  • ntp-perl-0:4.2.6p5-28.el7_6.1
  • ntpdate-0:4.2.6p5-28.el7_6.1
  • sntp-0:4.2.6p5-28.el7_6.1
refmap via4
bid 104517
confirm https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
exploit-db 44909
gentoo GLSA-201903-15
misc https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
ubuntu USN-4229-1
Last major update 24-08-2020 - 17:37
Published 20-06-2018 - 14:29
Last modified 24-08-2020 - 17:37
Back to Top