#VU10802 Memory corruption in Network Time Protocol - CVE-2018-7183
Vulnerability identifier: #VU10802
Vulnerability risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Network Time Protocol
Server applications /
Other server solutions
Vendor: ntp.org
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in the decodearr() function of the ntpq monitoring and control program for ntpd used by the Network Time Protocol due to boundary error while attempting to decode an array in a response string when formatted data is being displayed. A remote attacker who is able to read an ntpq request while the request is being transmitted to a remote ntpd server can forge and send a specially crafted response to the targeted system prior
to the remote ntpd server sending its response, trigger out-of-bounds
write in the decodearr()
function and inject and execute arbitrary code.
Mitigation
Update to version 4.2.8p11.
Vulnerable software versions
Network Time Protocol: 4.2.8p6 - 4.2.8p10
External links
https://www.ntp.org/downloads.html
https://www.freebsd.org/ports/master-index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
