Multiple vulnerabilities in linuxptp
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-3570 CVE-2021-3571 |
| CWE-ID | CWE-119 CWE-401 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
linuxptp Universal components / Libraries / Libraries used by multiple products |
| Vendor | Richard Cochran |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU54573
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3570
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when forwarding PTP messages between ports in ptp41 program. A remote attacker can send specially crafted messages to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionslinuxptp: 1.0 - 3.1
CPE2.3- cpe:2.3:a:richard_cochran:linuxptp:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:richard_cochran:linuxptp:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:richard_cochran:linuxptp:1.2:*:*:*:*:*:*:*
https://seclists.org/oss-sec/2021/q3/4
https://bugzilla.redhat.com/show_bug.cgi?id=1966240
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU54574
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3571
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information or perform DoS attack on the target system.
The vulnerability exists due memory leak in ptp4l program when processing PTP one-step sync messages. A remote attacker can send specially crafted one-step sync messages to the system, force the application to leak memory and perform denial of service attack or gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionslinuxptp: 2.0 - 3.1
CPE2.3- cpe:2.3:a:richard_cochran:linuxptp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:richard_cochran:linuxptp:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:richard_cochran:linuxptp:3.1:*:*:*:*:*:*:*
https://seclists.org/oss-sec/2021/q3/4
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-3571
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
