SB2023051059 - Multiple vulnerabilities in ntp
Published: May 10, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2023-26555)
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within praecis_parse() function in ntpd/refclock_palisade.c. An attacker with physical proximity to device can trigger an out-of-bounds write error by manipulating the GPS receiver and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2023-26554)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
3) Out-of-bounds write (CVE-ID: CVE-2023-26553)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
4) Out-of-bounds write (CVE-ID: CVE-2023-26552)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
5) Out-of-bounds write (CVE-ID: CVE-2023-26551)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
Remediation
Install update from vendor's website.
References
- https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555
- https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409
- https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26554
- https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321
- https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553
- https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552
- https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26551