Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
NTP 'ctl_getitem()' And 'decodearr()' Multiple Vulnerabilities
Information
Severity
Severity
High
Family
Family
General
CVSSv2 Base
CVSSv2 Base
7.5
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
6 years ago
Modified
Modified
4 years ago
Summary
The host is running NTP and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws exists due to - An error in 'ctl_getitem()' which is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, will cause 'ctl_getitem()' to read past the end of its buffer. - An error in 'decodearr()' which is used by ntpq can write beyond its buffer limit.
Affected Software
Affected Software
NTP versions 4.2.8p6 before 4.2.8p11
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to NTP version 4.2.8p11 or later.