Vulnerabilities > CVE-2018-12327 - Out-of-bounds Write vulnerability in NTP 4.2.8
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Common Weakness Enumeration (CWE)
Exploit-Db
| description | ntp 4.2.8p11 - Local Buffer Overflow (PoC). CVE-2018-12327. Dos exploit for Linux platform |
| file | exploits/linux/dos/44909.txt |
| id | EDB-ID:44909 |
| last seen | 2018-06-20 |
| modified | 2018-06-20 |
| platform | linux |
| port | |
| published | 2018-06-20 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44909/ |
| title | ntp 4.2.8p11 - Local Buffer Overflow (PoC) |
| type | dos |
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0180_NTP.NASL description An update of the ntp package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 121884 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121884 title Photon OS 1.0: Ntp PHSA-2018-1.0-0180 code # # (C) Tenable Network Security, Inc.` # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0180. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(121884); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-12327"); script_name(english:"Photon OS 1.0: Ntp PHSA-2018-1.0-0180"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the ntp package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-180.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12327"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/28"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:ntp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"ntp-4.2.8p12-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"ntp-debuginfo-4.2.8p12-1.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp"); }NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1367.NASL description The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.(CVE-2018-12327) last seen 2020-06-01 modified 2020-06-02 plugin id 131236 published 2019-11-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131236 title Amazon Linux 2 : ntp (ALAS-2019-1367) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1367. # include("compat.inc"); if (description) { script_id(131236); script_version("1.2"); script_cvs_date("Date: 2019/12/09"); script_cve_id("CVE-2018-12327"); script_xref(name:"ALAS", value:"2019-1367"); script_name(english:"Amazon Linux 2 : ntp (ALAS-2019-1367)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.(CVE-2018-12327)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1367.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update ntp' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntpdate"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:sntp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"ntp-4.2.6p5-29.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"ntp-debuginfo-4.2.6p5-29.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"ntp-doc-4.2.6p5-29.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"ntp-perl-4.2.6p5-29.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"ntpdate-4.2.6p5-29.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"sntp-4.2.6p5-29.amzn2.0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate / sntp"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3352-1.NASL description NTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118356 published 2018-10-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118356 title SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3352-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:3352-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(118356); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:49"); script_cve_id("CVE-2018-12327", "CVE-2018-7170"); script_name(english:"SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3352-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "NTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083424" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1098531" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1111853" ); script_set_attribute( attribute:"see_also", value:"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12327/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7170/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20183352-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b8d42a4b" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-ntp-13832=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-ntp-13832=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", reference:"ntp-4.2.8p12-64.7.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"ntp-doc-4.2.8p12-64.7.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp"); }NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0255_NTP.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. (CVE-2018-12327) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132434 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132434 title NewStart CGSL CORE 5.05 / MAIN 5.05 : ntp Vulnerability (NS-SA-2019-0255) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0255. The text # itself is copyright (C) ZTE, Inc. include('compat.inc'); if (description) { script_id(132434); script_version("1.2"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2018-12327"); script_bugtraq_id(104517); script_name(english:"NewStart CGSL CORE 5.05 / MAIN 5.05 : ntp Vulnerability (NS-SA-2019-0255)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by a vulnerability."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. (CVE-2018-12327) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0255"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL ntp packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12327"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.05" && release !~ "CGSL MAIN 5.05") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.05": [ "ntp-4.2.6p5-29.el7.centos", "ntp-debuginfo-4.2.6p5-29.el7.centos", "ntp-doc-4.2.6p5-29.el7.centos", "ntp-perl-4.2.6p5-29.el7.centos", "ntpdate-4.2.6p5-29.el7.centos", "sntp-4.2.6p5-29.el7.centos" ], "CGSL MAIN 5.05": [ "ntp-4.2.6p5-29.el7.centos", "ntp-debuginfo-4.2.6p5-29.el7.centos", "ntp-doc-4.2.6p5-29.el7.centos", "ntp-perl-4.2.6p5-29.el7.centos", "ntpdate-4.2.6p5-29.el7.centos", "sntp-4.2.6p5-29.el7.centos" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1083.NASL description ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim last seen 2020-06-01 modified 2020-06-02 plugin id 117607 published 2018-09-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117607 title Amazon Linux AMI : ntp (ALAS-2018-1083) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1083. # include("compat.inc"); if (description) { script_id(117607); script_version("1.2"); script_cvs_date("Date: 2019/04/05 23:25:05"); script_cve_id("CVE-2018-12327", "CVE-2018-7170"); script_xref(name:"ALAS", value:"2018-1083"); script_name(english:"Amazon Linux AMI : ntp (ALAS-2018-1083)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549 .(CVE-2018-7170) The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.(CVE-2018-12327)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2018-1083.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update ntp' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntp-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ntpdate"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"ntp-4.2.8p12-1.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ntp-debuginfo-4.2.8p12-1.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ntp-doc-4.2.8p12-1.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ntp-perl-4.2.8p12-1.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ntpdate-4.2.8p12-1.39.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-debuginfo / ntp-doc / ntp-perl / ntpdate"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1398.NASL description According to the version of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.(CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124901 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124901 title EulerOS Virtualization for ARM 64 3.0.1.0 : ntp (EulerOS-SA-2019-1398) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124901); script_version("1.5"); script_cvs_date("Date: 2019/06/27 13:33:25"); script_cve_id( "CVE-2018-12327" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : ntp (EulerOS-SA-2019-1398)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.(CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1398 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?785cb41b"); script_set_attribute(attribute:"solution", value: "Update the affected ntp package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntpdate"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sntp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["ntp-4.2.6p5-28.h8", "ntpdate-4.2.6p5-28.h8", "sntp-4.2.6p5-28.h8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3356-1.NASL description NTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118357 published 2018-10-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118357 title SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3356-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:3356-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(118357); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:49"); script_cve_id("CVE-2018-12327", "CVE-2018-7170"); script_name(english:"SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3356-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "NTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083424" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1098531" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1111853" ); script_set_attribute( attribute:"see_also", value:"https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12327/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7170/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20183356-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ddd0ce9d" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-ntp-13833=1 SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-ntp-13833=1 SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch dbgsp3-ntp-13833=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ntp-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"3", reference:"ntp-4.2.8p12-48.21.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"ntp-doc-4.2.8p12-48.21.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-3854.NASL description An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 119791 published 2018-12-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119791 title CentOS 6 : ntp (CESA-2018:3854) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:3854 and # CentOS Errata and Security Advisory 2018:3854 respectively. # include("compat.inc"); if (description) { script_id(119791); script_version("1.4"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2018-12327"); script_xref(name:"RHSA", value:"2018:3854"); script_name(english:"CentOS 6 : ntp (CESA-2018:3854)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es) : * ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section." ); # https://lists.centos.org/pipermail/centos-announce/2018-December/023135.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5bc2b036" ); script_set_attribute(attribute:"solution", value:"Update the affected ntp packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12327"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntp-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntp-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ntpdate"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"ntp-4.2.6p5-15.el6.centos")) flag++; if (rpm_check(release:"CentOS-6", reference:"ntp-doc-4.2.6p5-15.el6.centos")) flag++; if (rpm_check(release:"CentOS-6", reference:"ntp-perl-4.2.6p5-15.el6.centos")) flag++; if (rpm_check(release:"CentOS-6", reference:"ntpdate-4.2.6p5-15.el6.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-doc / ntp-perl / ntpdate"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201903-15.NASL description The remote host is affected by the vulnerability described in GLSA-201903-15 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition, escalate privileges, or remotely execute arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 122937 published 2019-03-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122937 title GLSA-201903-15 : NTP: Multiple vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1213.NASL description According to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.i1/4^CVE-2018-12327i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-04-09 plugin id 123899 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123899 title EulerOS Virtualization 2.5.4 : ntp (EulerOS-SA-2019-1213) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0088_NTP.NASL description An update of the ntp package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 121990 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121990 title Photon OS 2.0: Ntp PHSA-2018-2.0-0088 NASL family Fedora Local Security Checks NASL id FEDORA_2018-E585E25B72.NASL description Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120864 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120864 title Fedora 28 : ntp (2018-e585e25b72) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0206_NTP.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. (CVE-2018-12327) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 129940 published 2019-10-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129940 title NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Vulnerability (NS-SA-2019-0206) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-856.NASL description NTP was updated to 4.2.8p12 (bsc#1111853) : - CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123357 published 2019-03-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123357 title openSUSE Security Update : ntp (openSUSE-2019-856) NASL family Scientific Linux Local Security Checks NASL id SL_20190806_NTP_ON_SL7_X.NASL description Security Fix(es) : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) last seen 2020-03-18 modified 2019-08-27 plugin id 128244 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128244 title Scientific Linux Security Update : ntp on SL7.x x86_64 (20190806) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3854.NASL description An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 119803 published 2018-12-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119803 title RHEL 6 : ntp (RHSA-2018:3854) NASL family Misc. NASL id NTP_4_2_8P12.NASL description The version of the remote NTP server is 4.x prior to 4.2.8p12, or is 4.3.x prior to 4.3.94. It is, therefore, affected by the following vulnerabilities: - A race condition exists that is triggered during the handling of a saturation of ephemeral associations. An authenticated, remote attacker can exploit this to defeat NTP last seen 2020-06-01 modified 2020-06-02 plugin id 111968 published 2018-08-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111968 title Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p12 / 4.3.x < 4.3.94 Multiple Vulnerabilities NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-229-01.NASL description New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111995 published 2018-08-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111995 title Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2018-229-01) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1053.NASL description According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-02-22 plugin id 122380 published 2019-02-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122380 title EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1053) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3351-1.NASL description NTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118355 published 2018-10-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118355 title SUSE SLES12 Security Update : ntp (SUSE-SU-2018:3351-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-3854.NASL description From Red Hat Security Advisory 2018:3854 : An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 119796 published 2018-12-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119796 title Oracle Linux 6 : ntp (ELSA-2018-3854) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2077.NASL description An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 127666 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127666 title RHEL 7 : ntp (RHSA-2019:2077) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2018-0290.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - add disable monitor to default ntp.conf [CVE-2013-5211] - fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327) - fix CVE-2016-7429 patch to work correctly on multicast client (#1422973) - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) last seen 2020-03-28 modified 2018-12-21 plugin id 119823 published 2018-12-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119823 title OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0180_LINUX.NASL description An update of the linux package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121883 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121883 title Photon OS 1.0: Linux PHSA-2018-1.0-0180 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2077.NASL description An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 128347 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128347 title CentOS 7 : ntp (CESA-2019:2077) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1014.NASL description According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-01-08 plugin id 121002 published 2019-01-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121002 title EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-1014) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1037.NASL description According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-02-15 plugin id 122210 published 2019-02-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122210 title EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-1037) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0150_NTP.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has ntp packages installed that are affected by a vulnerability: - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application. (CVE-2018-12327) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127422 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127422 title NewStart CGSL MAIN 4.05 : ntp Vulnerability (NS-SA-2019-0150) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1275.NASL description NTP was updated to 4.2.8p12 (bsc#1111853) : - CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-10-26 plugin id 118445 published 2018-10-26 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118445 title openSUSE Security Update : ntp (openSUSE-2018-1275) NASL family Junos Local Security Checks NASL id JUNIPER_SPACE_JSA10951_192R1.NASL description According to its self-reported version number, the remote Junos Space version is prior to 19.2R1. It is, therefore, affected by multiple vulnerabilities: - A memory double free vulnerability exists in The libcurl API function called `curl_maprintf()` before version 7.51.0 due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. An unauthiticated remote attacker can leverage this issue to perform unauthorized actions. This may aid in further attacks. (CVE-2016-8618) - A denial of service (DoS) vulnerability exists in Node.js 6.16.0 and earlier due to that Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes. An unauthenticated, remote attacker can exploit this issue to cause a denial of service. (CVE-2016-8619) - A vulnerability in curl before version 7.51.0 due to the use of an outdated IDNA 2003 standard to handle International Domain Names. This could lead users to unknowingly issue network transfer requests to the wrong host. (CVE-2016-8625) last seen 2020-06-01 modified 2020-06-02 plugin id 131701 published 2019-12-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131701 title Juniper Junos Space < 19.2R1 Multiple Vulnerabilities (JSA10951) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0180.NASL description An update of 'ntp', 'linux', 'linux-esx' packages of Photon OS has been released. This kernel update mitigates the vulnerability CVE-2018-3620 commonly referred as L1 terminal fault (L1TF). last seen 2019-02-21 modified 2019-02-07 plugin id 112223 published 2018-08-31 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=112223 title Photon OS 1.0: Ntp / Linux PHSA-2018-1.0-0180 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3342-1.NASL description NTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118352 published 2018-10-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118352 title SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:3342-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1556.NASL description According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in the NTP server last seen 2020-06-01 modified 2020-06-02 plugin id 125009 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125009 title EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0088.NASL description An update of 'linux-aws', 'linux-secure', 'linux-esx', 'linux', 'ntp' packages of Photon OS has been released. This kernel update mitigates the vulnerability CVE-2018-3620 commonly referred as L1 terminal fault (L1TF). last seen 2019-02-21 modified 2019-02-07 plugin id 112222 published 2018-08-31 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=112222 title Photon OS 2.0: Ntp / Linux PHSA-2018-2.0-0088 (deprecated) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1207.NASL description According to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.i1/4^CVE-2018-12327i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-04-09 plugin id 123893 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123893 title EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1207) NASL family Scientific Linux Local Security Checks NASL id SL_20181220_NTP_ON_SL6_X.NASL description Security Fix(es) : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) last seen 2020-03-18 modified 2018-12-27 plugin id 119884 published 2018-12-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119884 title Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20181220) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3853.NASL description An update for ntp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 119802 published 2018-12-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119802 title RHEL 6 : ntp (RHSA-2018:3853) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1280.NASL description This update for NTP to version 4.2.8p12 fixes the following vulnerabilities (bsc#1111853) : - CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-12-SP1:Update update project. last seen 2020-06-05 modified 2018-10-26 plugin id 118450 published 2018-10-26 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118450 title openSUSE Security Update : ntp (openSUSE-2018-1280) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3386-1.NASL description NTP was updated to 4.2.8p12 (bsc#1111853) : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 120143 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120143 title SUSE SLES15 Security Update : ntp (SUSE-SU-2018:3386-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0088_LINUX.NASL description An update of the linux package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121989 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121989 title Photon OS 2.0: Linux PHSA-2018-2.0-0088
Packetstorm
| data source | https://packetstormsecurity.com/files/download/148271/ntp428p11-overflow.txt |
| id | PACKETSTORM:148271 |
| last seen | 2018-06-23 |
| published | 2018-06-21 |
| reporter | Fakhri Zulkifli |
| source | https://packetstormsecurity.com/files/148271/ntp-4.2.8p11-Local-Buffer-Overflow.html |
| title | ntp 4.2.8p11 Local Buffer Overflow |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
- https://www.exploit-db.com/exploits/44909/
- http://www.securityfocus.com/bid/104517
- https://access.redhat.com/errata/RHSA-2018:3854
- https://access.redhat.com/errata/RHSA-2018:3853
- https://security.gentoo.org/glsa/201903-15
- https://access.redhat.com/errata/RHSA-2019:2077
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- https://usn.ubuntu.com/4229-1/