#VU12125 Configuration error in ntp - CVE-2017-6463

Cybersecurity Help s.r.o.

Published: 2018-04-24

Vulnerability identifier: #VU12125

Vulnerability risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]

CVE-ID: CVE-2017-6463

CWE-ID: CWE-16

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ntp
Server applications / Other server solutions

Vendor: ntp.org

Description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the unpeer option due to the NTP server's parsing of configuration directives. A remote attacker can submit a specially crafted message and cause the service to crash.

Mitigation
Update to versions 4.2.8p10 or 4.3.94.

Vulnerable software versions

ntp: 4.2.8 - 4.3.93

External links
https://support.ntp.org/bin/view/Main/NtpBug3387

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple NTP vulnerabilities in Junos OS and Junos OS Evolved

Red Hat update for ntp

Slackware Linux update for ntp

Amazon Linux AMI update for ntp

Fedora 26 update for ntp

Fedora 25 update for ntp

Fedora 24 update for ntp