#VU75999 Out-of-bounds write in ntp - CVE-2023-26552


Vulnerability identifier: #VU75999

Vulnerability risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-26552

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ntp
Server applications / Other server solutions

Vendor: ntp.org

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ntp: 4.2.8 - 4.2.8p15

External links
https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Cloud Object System
Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines
Denial of service in HP-UX NTP
IBM Integrated Analytics System update for Network Time Protocol (NTP)
IBM Integrated Analytics System update for Network Time Protocol (NTP)
Multiple vulnerabilities in Siemens SITOP UPS1600
Multiple vulnerabilities in Dell NetWorker vProxy
Junos OS and Junos OS Evolved update for NTP
Slackware Linux update for ntp
openEuler update for ntp