First published: Thu Jun 21 2018
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
References: https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
Affected Software | Affected Version | How to fix |
---|---|---|
NTP | 4.2.8p11 | |
The severity of REDHAT-BUG-1593580 is critical due to its potential to allow attackers to achieve code execution or escalate privileges.
To fix REDHAT-BUG-1593580, upgrade your NTP version to the latest patched release as recommended by your vendor.
REDHAT-BUG-1593580 affects systems running NTP version 4.2.8p11.
The risks associated with REDHAT-BUG-1593580 include potential remote code execution and privilege escalation.
There are no specific workarounds for REDHAT-BUG-1593580; the best mitigation is to apply the recommended security updates.
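The bug class described in the advisory, a command-line host or address string copied into a fixed-size stack buffer, is avoided by checking the length before the copy. The following is an added C example, not code from NTP or from this advisory; the function name `copy_host_arg`, the enum and the buffer size `HOST_BUF_LEN` are assumptions chosen for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF_LEN 256  /* assumed size, not taken from the NTP source */

enum host_kind { HOST_REJECTED = 0, HOST_IPV4, HOST_IPV6, HOST_NAME };

/* Copy a command-line host argument into a fixed-size buffer.
 * The length is established before the copy, so an over-long string is
 * rejected instead of being written past the end of dst. */
enum host_kind copy_host_arg(const char *arg, char *dst, size_t dst_len)
{
    unsigned char addr[sizeof(struct in6_addr)];
    const char *end;
    size_t len;

    if (arg == NULL || dst == NULL || dst_len == 0)
        return HOST_REJECTED;

    end = memchr(arg, '\0', dst_len);   /* look for the NUL within dst_len bytes */
    if (end == NULL || end == arg)      /* too long for dst, or empty */
        return HOST_REJECTED;

    len = (size_t)(end - arg);
    memcpy(dst, arg, len + 1);          /* len + 1 <= dst_len, includes the NUL */

    if (inet_pton(AF_INET, dst, addr) == 1)
        return HOST_IPV4;
    if (inet_pton(AF_INET6, dst, addr) == 1)
        return HOST_IPV6;
    return HOST_NAME;                   /* left for the resolver to accept or refuse */
}

int main(int argc, char **argv)
{
    char host[HOST_BUF_LEN];
    enum host_kind kind = copy_host_arg(argc > 1 ? argv[1] : NULL, host, sizeof host);

    if (kind == HOST_REJECTED) {
        fprintf(stderr, "host argument missing or too long\n");
        return 1;
    }
    printf("accepted host (kind %d): %s\n", (int)kind, host);
    return 0;
}
```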