Vulnerabilities > CVE-2018-12327 - Out-of-bounds Write vulnerability in NTP 4.2.8

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ntp
CWE-787
nessus
exploit available

Summary

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

Vulnerable Configurations

Part Description Count
Application
Ntp
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionntp 4.2.8p11 - Local Buffer Overflow (PoC). CVE-2018-12327. Dos exploit for Linux platform
fileexploits/linux/dos/44909.txt
idEDB-ID:44909
last seen2018-06-20
modified2018-06-20
platformlinux
port
published2018-06-20
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44909/
titlentp 4.2.8p11 - Local Buffer Overflow (PoC)
typedos

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0180_NTP.NASL
    descriptionAn update of the ntp package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121884
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121884
    titlePhoton OS 1.0: Ntp PHSA-2018-1.0-0180
    code
    #
    # (C) Tenable Network Security, Inc.`
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0180. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121884);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2018-12327");
    
      script_name(english:"Photon OS 1.0: Ntp PHSA-2018-1.0-0180");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the ntp package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-180.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12327");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:ntp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"ntp-4.2.8p12-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"ntp-debuginfo-4.2.8p12-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1367.NASL
    descriptionThe ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.(CVE-2018-12327)
    last seen2020-06-01
    modified2020-06-02
    plugin id131236
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131236
    titleAmazon Linux 2 : ntp (ALAS-2019-1367)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1367.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131236);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2018-12327");
      script_xref(name:"ALAS", value:"2019-1367");
    
      script_name(english:"Amazon Linux 2 : ntp (ALAS-2019-1367)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The ntpq and ntpdc command-line utilities that are part of ntp package
    are vulnerable to stack-based buffer overflow via crafted hostname.
    Applications using these vulnerable utilities with an untrusted input
    may be potentially exploited, resulting in a crash or arbitrary code
    execution under privileges of that application.(CVE-2018-12327)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1367.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update ntp' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntpdate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sntp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"ntp-4.2.6p5-29.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"ntp-debuginfo-4.2.6p5-29.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"ntp-doc-4.2.6p5-29.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"ntp-perl-4.2.6p5-29.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"ntpdate-4.2.6p5-29.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"sntp-4.2.6p5-29.amzn2.0.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3352-1.NASL
    descriptionNTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118356
    published2018-10-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118356
    titleSUSE SLES11 Security Update : ntp (SUSE-SU-2018:3352-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3352-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118356);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-12327", "CVE-2018-7170");
    
      script_name(english:"SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3352-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "NTP was updated to 4.2.8p12 (bsc#1111853) :
    
    CVE-2018-12327: Fixed stack-based buffer overflow in the openhost()
    command-line call of NTPQ/NTPDC. (bsc#1098531)
    
    CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral
    association time spoofing additional protection (bsc#1083424)
    
    Please also see
    https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/
    for more information.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12327/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7170/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183352-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b8d42a4b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-ntp-13832=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-ntp-13832=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"ntp-4.2.8p12-64.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"ntp-doc-4.2.8p12-64.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0255_NTP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. (CVE-2018-12327) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132434
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132434
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : ntp Vulnerability (NS-SA-2019-0255)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0255. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132434);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2018-12327");
      script_bugtraq_id(104517);
    
      script_name(english:"NewStart CGSL CORE 5.05 / MAIN 5.05 : ntp Vulnerability (NS-SA-2019-0255)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by a vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ntp packages installed that are affected by a
    vulnerability:
    
      - Stack-based buffer overflow in ntpq and ntpdc of NTP
        version 4.2.8p11 allows an attacker to achieve code
        execution or escalate to higher privileges via a long
        string as the argument for an IPv4 or IPv6 command-line
        parameter. NOTE: It is unclear whether there are any
        common situations in which ntpq or ntpdc is used with a
        command line from an untrusted source. (CVE-2018-12327)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0255");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL ntp packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12327");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.05" &&
        release !~ "CGSL MAIN 5.05")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.05": [
        "ntp-4.2.6p5-29.el7.centos",
        "ntp-debuginfo-4.2.6p5-29.el7.centos",
        "ntp-doc-4.2.6p5-29.el7.centos",
        "ntp-perl-4.2.6p5-29.el7.centos",
        "ntpdate-4.2.6p5-29.el7.centos",
        "sntp-4.2.6p5-29.el7.centos"
      ],
      "CGSL MAIN 5.05": [
        "ntp-4.2.6p5-29.el7.centos",
        "ntp-debuginfo-4.2.6p5-29.el7.centos",
        "ntp-doc-4.2.6p5-29.el7.centos",
        "ntp-perl-4.2.6p5-29.el7.centos",
        "ntpdate-4.2.6p5-29.el7.centos",
        "sntp-4.2.6p5-29.el7.centos"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1083.NASL
    descriptionntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id117607
    published2018-09-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117607
    titleAmazon Linux AMI : ntp (ALAS-2018-1083)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1083.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117607);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/05 23:25:05");
    
      script_cve_id("CVE-2018-12327", "CVE-2018-7170");
      script_xref(name:"ALAS", value:"2018-1083");
    
      script_name(english:"Amazon Linux AMI : ntp (ALAS-2018-1083)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know
    the private symmetric key to create arbitrarily-many ephemeral
    associations in order to win the clock selection of ntpd and modify a
    victim's clock via a Sybil attack. This issue exists because of an
    incomplete fix for CVE-2016-1549 .(CVE-2018-7170)
    
    The ntpq and ntpdc command-line utilities that are part of ntp package
    are vulnerable to stack-based buffer overflow via crafted hostname.
    Applications using these vulnerable utilities with an untrusted input
    may be potentially exploited, resulting in a crash or arbitrary code
    execution under privileges of that application.(CVE-2018-12327)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1083.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update ntp' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntpdate");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"ntp-4.2.8p12-1.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"ntp-debuginfo-4.2.8p12-1.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"ntp-doc-4.2.8p12-1.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"ntp-perl-4.2.8p12-1.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"ntpdate-4.2.8p12-1.39.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1398.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.(CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124901
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124901
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : ntp (EulerOS-SA-2019-1398)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124901);
      script_version("1.5");
      script_cvs_date("Date: 2019/06/27 13:33:25");
    
      script_cve_id(
        "CVE-2018-12327"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : ntp (EulerOS-SA-2019-1398)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the ntp packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerability :
    
      - The ntpq and ntpdc command-line utilities that are part
        of ntp package are vulnerable to stack-based buffer
        overflow via crafted hostname. Applications using these
        vulnerable utilities with an untrusted input may be
        potentially exploited, resulting in a crash or
        arbitrary code execution under privileges of that
        application.(CVE-2018-12327)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1398
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?785cb41b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ntp package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntpdate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sntp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["ntp-4.2.6p5-28.h8",
            "ntpdate-4.2.6p5-28.h8",
            "sntp-4.2.6p5-28.h8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3356-1.NASL
    descriptionNTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118357
    published2018-10-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118357
    titleSUSE SLES11 Security Update : ntp (SUSE-SU-2018:3356-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3356-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118357);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-12327", "CVE-2018-7170");
    
      script_name(english:"SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3356-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "NTP was updated to 4.2.8p12 (bsc#1111853) :
    
    CVE-2018-12327: Fixed stack-based buffer overflow in the openhost()
    command-line call of NTPQ/NTPDC. (bsc#1098531)
    
    CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral
    association time spoofing additional protection (bsc#1083424)
    
    Please also see
    https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/
    for more information.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12327/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7170/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183356-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ddd0ce9d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-ntp-13833=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-ntp-13833=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-ntp-13833=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", reference:"ntp-4.2.8p12-48.21.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"ntp-doc-4.2.8p12-48.21.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3854.NASL
    descriptionAn update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id119791
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119791
    titleCentOS 6 : ntp (CESA-2018:3854)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3854 and 
    # CentOS Errata and Security Advisory 2018:3854 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119791);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-12327");
      script_xref(name:"RHSA", value:"2018:3854");
    
      script_name(english:"CentOS 6 : ntp (CESA-2018:3854)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ntp is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    The Network Time Protocol (NTP) is used to synchronize a computer's
    time with another referenced time source. These packages include the
    ntpd service which continuously adjusts system time and utilities used
    to query and configure the ntpd service.
    
    Security Fix(es) :
    
    * ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of
    service or code execution (CVE-2018-12327)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section."
      );
      # https://lists.centos.org/pipermail/centos-announce/2018-December/023135.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5bc2b036"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ntp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12327");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntp-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntp-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntpdate");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"ntp-4.2.6p5-15.el6.centos")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ntp-doc-4.2.6p5-15.el6.centos")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ntp-perl-4.2.6p5-15.el6.centos")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ntpdate-4.2.6p5-15.el6.centos")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-doc / ntp-perl / ntpdate");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201903-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition, escalate privileges, or remotely execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id122937
    published2019-03-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122937
    titleGLSA-201903-15 : NTP: Multiple vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1213.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.i1/4^CVE-2018-12327i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123899
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123899
    titleEulerOS Virtualization 2.5.4 : ntp (EulerOS-SA-2019-1213)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0088_NTP.NASL
    descriptionAn update of the ntp package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121990
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121990
    titlePhoton OS 2.0: Ntp PHSA-2018-2.0-0088
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-E585E25B72.NASL
    descriptionSecurity fix for CVE-2018-12327 and fixed fix for CVE-2018-7170. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120864
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120864
    titleFedora 28 : ntp (2018-e585e25b72)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0206_NTP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. (CVE-2018-12327) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129940
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129940
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Vulnerability (NS-SA-2019-0206)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-856.NASL
    descriptionNTP was updated to 4.2.8p12 (bsc#1111853) : - CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123357
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123357
    titleopenSUSE Security Update : ntp (openSUSE-2019-856)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_NTP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)
    last seen2020-03-18
    modified2019-08-27
    plugin id128244
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128244
    titleScientific Linux Security Update : ntp on SL7.x x86_64 (20190806)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3854.NASL
    descriptionAn update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id119803
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119803
    titleRHEL 6 : ntp (RHSA-2018:3854)
  • NASL familyMisc.
    NASL idNTP_4_2_8P12.NASL
    descriptionThe version of the remote NTP server is 4.x prior to 4.2.8p12, or is 4.3.x prior to 4.3.94. It is, therefore, affected by the following vulnerabilities: - A race condition exists that is triggered during the handling of a saturation of ephemeral associations. An authenticated, remote attacker can exploit this to defeat NTP
    last seen2020-06-01
    modified2020-06-02
    plugin id111968
    published2018-08-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111968
    titleNetwork Time Protocol Daemon (ntpd) 4.x < 4.2.8p12 / 4.3.x < 4.3.94 Multiple Vulnerabilities
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-229-01.NASL
    descriptionNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111995
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111995
    titleSlackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2018-229-01)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1053.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-02-22
    plugin id122380
    published2019-02-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122380
    titleEulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1053)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3351-1.NASL
    descriptionNTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118355
    published2018-10-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118355
    titleSUSE SLES12 Security Update : ntp (SUSE-SU-2018:3351-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3854.NASL
    descriptionFrom Red Hat Security Advisory 2018:3854 : An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id119796
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119796
    titleOracle Linux 6 : ntp (ELSA-2018-3854)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2077.NASL
    descriptionAn update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id127666
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127666
    titleRHEL 7 : ntp (RHSA-2019:2077)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0290.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - add disable monitor to default ntp.conf [CVE-2013-5211] - fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327) - fix CVE-2016-7429 patch to work correctly on multicast client (#1422973) - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464)
    last seen2020-03-28
    modified2018-12-21
    plugin id119823
    published2018-12-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119823
    titleOracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0180_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121883
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121883
    titlePhoton OS 1.0: Linux PHSA-2018-1.0-0180
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2077.NASL
    descriptionAn update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id128347
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128347
    titleCentOS 7 : ntp (CESA-2019:2077)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1014.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-01-08
    plugin id121002
    published2019-01-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121002
    titleEulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-1014)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1037.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-02-15
    plugin id122210
    published2019-02-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122210
    titleEulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-1037)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0150_NTP.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has ntp packages installed that are affected by a vulnerability: - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application. (CVE-2018-12327) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127422
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127422
    titleNewStart CGSL MAIN 4.05 : ntp Vulnerability (NS-SA-2019-0150)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1275.NASL
    descriptionNTP was updated to 4.2.8p12 (bsc#1111853) : - CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-10-26
    plugin id118445
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118445
    titleopenSUSE Security Update : ntp (openSUSE-2018-1275)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10951_192R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is prior to 19.2R1. It is, therefore, affected by multiple vulnerabilities: - A memory double free vulnerability exists in The libcurl API function called `curl_maprintf()` before version 7.51.0 due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. An unauthiticated remote attacker can leverage this issue to perform unauthorized actions. This may aid in further attacks. (CVE-2016-8618) - A denial of service (DoS) vulnerability exists in Node.js 6.16.0 and earlier due to that Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes. An unauthenticated, remote attacker can exploit this issue to cause a denial of service. (CVE-2016-8619) - A vulnerability in curl before version 7.51.0 due to the use of an outdated IDNA 2003 standard to handle International Domain Names. This could lead users to unknowingly issue network transfer requests to the wrong host. (CVE-2016-8625)
    last seen2020-06-01
    modified2020-06-02
    plugin id131701
    published2019-12-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131701
    titleJuniper Junos Space < 19.2R1 Multiple Vulnerabilities (JSA10951)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0180.NASL
    descriptionAn update of 'ntp', 'linux', 'linux-esx' packages of Photon OS has been released. This kernel update mitigates the vulnerability CVE-2018-3620 commonly referred as L1 terminal fault (L1TF).
    last seen2019-02-21
    modified2019-02-07
    plugin id112223
    published2018-08-31
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112223
    titlePhoton OS 1.0: Ntp / Linux PHSA-2018-1.0-0180 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3342-1.NASL
    descriptionNTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118352
    published2018-10-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118352
    titleSUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:3342-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1556.NASL
    descriptionAccording to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in the NTP server
    last seen2020-06-01
    modified2020-06-02
    plugin id125009
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125009
    titleEulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0088.NASL
    descriptionAn update of 'linux-aws', 'linux-secure', 'linux-esx', 'linux', 'ntp' packages of Photon OS has been released. This kernel update mitigates the vulnerability CVE-2018-3620 commonly referred as L1 terminal fault (L1TF).
    last seen2019-02-21
    modified2019-02-07
    plugin id112222
    published2018-08-31
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112222
    titlePhoton OS 2.0: Ntp / Linux PHSA-2018-2.0-0088 (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1207.NASL
    descriptionAccording to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.i1/4^CVE-2018-12327i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123893
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123893
    titleEulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1207)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181220_NTP_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)
    last seen2020-03-18
    modified2018-12-27
    plugin id119884
    published2018-12-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119884
    titleScientific Linux Security Update : ntp on SL6.x i386/x86_64 (20181220)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3853.NASL
    descriptionAn update for ntp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id119802
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119802
    titleRHEL 6 : ntp (RHSA-2018:3853)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1280.NASL
    descriptionThis update for NTP to version 4.2.8p12 fixes the following vulnerabilities (bsc#1111853) : - CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2018-10-26
    plugin id118450
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118450
    titleopenSUSE Security Update : ntp (openSUSE-2018-1280)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3386-1.NASL
    descriptionNTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id120143
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120143
    titleSUSE SLES15 Security Update : ntp (SUSE-SU-2018:3386-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0088_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121989
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121989
    titlePhoton OS 2.0: Linux PHSA-2018-2.0-0088

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/148271/ntp428p11-overflow.txt
idPACKETSTORM:148271
last seen2018-06-23
published2018-06-21
reporterFakhri Zulkifli
sourcehttps://packetstormsecurity.com/files/148271/ntp-4.2.8p11-Local-Buffer-Overflow.html
titlentp 4.2.8p11 Local Buffer Overflow

Redhat

advisories
  • bugzilla
    id1593580
    titleCVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentntp-doc is earlier than 0:4.2.6p5-15.el6_10
            ovaloval:com.redhat.rhsa:tst:20183854001
          • commentntp-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024004
        • AND
          • commentntp-perl is earlier than 0:4.2.6p5-15.el6_10
            ovaloval:com.redhat.rhsa:tst:20183854003
          • commentntp-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024002
        • AND
          • commentntpdate is earlier than 0:4.2.6p5-15.el6_10
            ovaloval:com.redhat.rhsa:tst:20183854005
          • commentntpdate is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024008
        • AND
          • commentntp is earlier than 0:4.2.6p5-15.el6_10
            ovaloval:com.redhat.rhsa:tst:20183854007
          • commentntp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024006
    rhsa
    idRHSA-2018:3854
    released2018-12-19
    severityLow
    titleRHSA-2018:3854: ntp security update (Low)
  • bugzilla
    id1593580
    titleCVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentntp is earlier than 0:4.2.6p5-29.el7
            ovaloval:com.redhat.rhsa:tst:20192077001
          • commentntp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024006
        • AND
          • commentntpdate is earlier than 0:4.2.6p5-29.el7
            ovaloval:com.redhat.rhsa:tst:20192077003
          • commentntpdate is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024008
        • AND
          • commentntp-doc is earlier than 0:4.2.6p5-29.el7
            ovaloval:com.redhat.rhsa:tst:20192077005
          • commentntp-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024004
        • AND
          • commentntp-perl is earlier than 0:4.2.6p5-29.el7
            ovaloval:com.redhat.rhsa:tst:20192077007
          • commentntp-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024002
        • AND
          • commentsntp is earlier than 0:4.2.6p5-29.el7
            ovaloval:com.redhat.rhsa:tst:20192077009
          • commentsntp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20142024013
    rhsa
    idRHSA-2019:2077
    released2019-08-06
    severityLow
    titleRHSA-2019:2077: ntp security, bug fix, and enhancement update (Low)
  • rhsa
    idRHSA-2018:3853
rpms
  • ntp-0:4.2.6p5-5.el6_7.6
  • ntp-debuginfo-0:4.2.6p5-5.el6_7.6
  • ntp-doc-0:4.2.6p5-5.el6_7.6
  • ntp-perl-0:4.2.6p5-5.el6_7.6
  • ntpdate-0:4.2.6p5-5.el6_7.6
  • ntp-0:4.2.6p5-15.el6_10
  • ntp-debuginfo-0:4.2.6p5-15.el6_10
  • ntp-doc-0:4.2.6p5-15.el6_10
  • ntp-perl-0:4.2.6p5-15.el6_10
  • ntpdate-0:4.2.6p5-15.el6_10
  • ntp-0:4.2.6p5-29.el7
  • ntp-debuginfo-0:4.2.6p5-29.el7
  • ntp-doc-0:4.2.6p5-29.el7
  • ntp-perl-0:4.2.6p5-29.el7
  • ntpdate-0:4.2.6p5-29.el7
  • sntp-0:4.2.6p5-29.el7
  • ntp-0:4.2.6p5-28.el7_6.1
  • ntp-debuginfo-0:4.2.6p5-28.el7_6.1
  • ntp-doc-0:4.2.6p5-28.el7_6.1
  • ntp-perl-0:4.2.6p5-28.el7_6.1
  • ntpdate-0:4.2.6p5-28.el7_6.1
  • sntp-0:4.2.6p5-28.el7_6.1