Vulnerabilities > CVE-2019-6442 - Out-of-bounds Write vulnerability in Ntpsec
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 14 |
Common Weakness Enumeration (CWE)
Exploit-Db
file | exploits/linux/dos/46178.py |
id | EDB-ID:46178 |
last seen | 2019-01-16 |
modified | 2019-01-16 |
platform | linux |
port | 123 |
published | 2019-01-16 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46178 |
title | NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC) |
type | dos |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-82.NASL |
description | This update for ntpsec to version 1.1.3 fixes the following issues : Security issues fixed : - CVE-2019-6442: Fixed a out of bounds write via a malformed config request (boo#1122132) - CVE-2019-6443: Fixed a stack-based buffer over-read in the ctl_getitem function (boo#1122144) - CVE-2019-6444: Fixed a stack-based buffer over-read in the process_control function (boo#1122134) - CVE-2019-6445: Fixed a NULL pointer dereference in the ctl_getitem function (boo#1122131) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 121340 |
published | 2019-01-24 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/121340 |
title | openSUSE Security Update : ntpsec (openSUSE-2019-82) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/151198/ntpsec112confi-oobwrite.txt |
id | PACKETSTORM:151198 |
last seen | 2019-01-17 |
published | 2019-01-16 |
reporter | Magnus Klaaborg Stubman |
source | https://packetstormsecurity.com/files/151198/NTPsec-1.1.2-config-Out-Of-Bounds-Write.html |
title | NTPsec 1.1.2 config Out-Of-Bounds Write |
References
- https://dumpco.re/blog/ntpsec-bugs
- https://dumpco.re/bugs/ntpsec-authed-oobwrite
- https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS
- https://www.exploit-db.com/exploits/46178/
- https://dumpco.re/blog/ntpsec-bugs
- https://www.exploit-db.com/exploits/46178/
- https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS
- https://dumpco.re/bugs/ntpsec-authed-oobwrite