#VU76002 Out-of-bounds write in ntp


Vulnerability identifier: #VU76002

Vulnerability risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26555

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
ntp
Server applications / Other server solutions

Vendor: ntp.org

Description

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within praecis_parse() function in ntpd/refclock_palisade.c. An attacker with physical proximity to device can trigger an out-of-bounds write error by manipulating the GPS receiver and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ntp: 4.2.8 - 4.2.8p15

External links
http://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555
http://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC VxRail Appliance
Junos OS and Junos OS Evolved update for NTP
Multiple vulnerabilities in Dell Data Protection Central
Fedora 37 update for ntp-refclock
Fedora 38 update for ntp-refclock
SUSE update for ntp
SUSE update for ntp
Slackware Linux update for ntp
openEuler update for ntp
Multiple vulnerabilities in ntp