 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.812790 |
| Kategorie: | General |
| Titel: | NTP.org 'ntpd' 'ctl_getitem()' And 'decodearr()' Multiple Vulnerabilities |
| Zusammenfassung: | NTP.org's reference implementation of NTP server, ntpd is prone to multiple vulnerabilities. |
| Beschreibung: | Summary: NTP.org's reference implementation of NTP server, ntpd is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to - An error in 'ctl_getitem()' which is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, will cause 'ctl_getitem()' to read past the end of its buffer. - An error in 'decodearr()' which is used by ntpq can write beyond its buffer limit. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code and obtain sensitive information that may lead to further attacks. Affected Software/OS: NTP.org's ntpd versions from 4.2.8p6 and before 4.2.8p11. Solution: Upgrade to NTP version 4.2.8p11 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
BugTraq ID: 103191 BugTraq ID: 103351 Common Vulnerability Exposure (CVE) ID: CVE-2018-7182 http://www.securityfocus.com/bid/103191 Bugtraq: 20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) (Google Search) http://www.securityfocus.com/archive/1/541824/100/0/threaded https://www.exploit-db.com/exploits/45846/ FreeBSD Security Advisory: FreeBSD-SA-18:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.gentoo.org/glsa/201805-12 http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html https://usn.ubuntu.com/3707-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7183 http://www.securityfocus.com/bid/103351 http://support.ntp.org/bin/view/Main/NtpBug3414 http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://security.netapp.com/advisory/ntap-20180626-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us https://www.synology.com/support/security/Synology_SA_18_13 https://www.oracle.com//security-alerts/cpujul2021.html https://usn.ubuntu.com/3707-2/ |
| Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |