Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-6460 (GCVE-0-2017-6460)
Vulnerability from cvelistv5 – Published: 2017-03-27 17:00 – Updated: 2024-08-05 15:33
VLAI?
EPSS
Summary
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:19.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97052"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3377",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2017-6460",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6460",
"datePublished": "2017-03-27T17:00:00.000Z",
"dateReserved": "2017-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:33:19.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2017-AVI-320
Vulnerability from certfr_avis - Published: 2017-09-26 - Updated: 2017-09-26
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Server versions ant\u00e9rieures \u00e0 5.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7127",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7127"
},
{
"name": "CVE-2017-7129",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7129"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2017-7091",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7091"
},
{
"name": "CVE-2017-7121",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7121"
},
{
"name": "CVE-2017-7128",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7128"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2017-7098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7098"
},
{
"name": "CVE-2017-0381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0381"
},
{
"name": "CVE-2017-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7104"
},
{
"name": "CVE-2017-7111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7111"
},
{
"name": "CVE-2017-7102",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7102"
},
{
"name": "CVE-2017-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10979"
},
{
"name": "CVE-2017-7081",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7081"
},
{
"name": "CVE-2017-7120",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7120"
},
{
"name": "CVE-2017-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7141"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-7114",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7114"
},
{
"name": "CVE-2017-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10978"
},
{
"name": "CVE-2017-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7117"
},
{
"name": "CVE-2017-7126",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7126"
},
{
"name": "CVE-2017-7084",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7084"
},
{
"name": "CVE-2017-6451",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6451"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7093",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7093"
},
{
"name": "CVE-2017-7138",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7138"
},
{
"name": "CVE-2017-7094",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7094"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2017-7109",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7109"
},
{
"name": "CVE-2017-7099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7099"
},
{
"name": "CVE-2017-7087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7087"
},
{
"name": "CVE-2017-7078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7078"
},
{
"name": "CVE-2017-7077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7077"
},
{
"name": "CVE-2017-7122",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7122"
},
{
"name": "CVE-2017-7083",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7083"
},
{
"name": "CVE-2017-7074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7074"
},
{
"name": "CVE-2017-7080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7080"
},
{
"name": "CVE-2017-7130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7130"
},
{
"name": "CVE-2017-6455",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6455"
},
{
"name": "CVE-2017-7125",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7125"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-7119",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7119"
},
{
"name": "CVE-2017-7089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7089"
},
{
"name": "CVE-2017-7096",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7096"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-7095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7095"
},
{
"name": "CVE-2017-7123",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7123"
},
{
"name": "CVE-2017-1000373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000373"
},
{
"name": "CVE-2017-7086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7086"
},
{
"name": "CVE-2017-7090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7090"
},
{
"name": "CVE-2017-7100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7100"
},
{
"name": "CVE-2017-7106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7106"
},
{
"name": "CVE-2017-6459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6459"
},
{
"name": "CVE-2017-7092",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7092"
},
{
"name": "CVE-2017-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7143"
},
{
"name": "CVE-2017-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7082"
},
{
"name": "CVE-2017-7107",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7107"
},
{
"name": "CVE-2017-6452",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6452"
},
{
"name": "CVE-2017-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11103"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6460"
},
{
"name": "CVE-2017-7124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7124"
},
{
"name": "CVE-2017-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6458"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2016-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9042"
}
],
"initial_release_date": "2017-09-26T00:00:00",
"last_revision_date": "2017-09-26T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-320",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-09-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208102 du 25 septembre 2017",
"url": "https://support.apple.com/fr-fr/HT208102"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208142 du 25 septembre 2017",
"url": "https://support.apple.com/fr-fr/HT208142"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208144 du 25 septembre 2017",
"url": "https://support.apple.com/fr-fr/HT208144"
}
]
}
GHSA-8C4C-PJC2-QR4R
Vulnerability from github – Published: 2022-05-17 00:31 – Updated: 2022-05-17 00:31
VLAI?
Details
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2017-6460"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-27T17:59:00Z",
"severity": "HIGH"
},
"details": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.",
"id": "GHSA-8c4c-pjc2-qr4r",
"modified": "2022-05-17T00:31:37Z",
"published": "2022-05-17T00:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6460"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208144"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97052"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038123"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2017-6460
Vulnerability from fkie_nvd - Published: 2017-03-27 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n reslist en ntpq en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a servidores remotos tener un impacto no especificado a trav\u00e9s de una variable flagstr larga en una respuesta de lista de restricciones."
}
],
"id": "CVE-2017-6460",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2017-6460
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-6460",
"description": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.",
"id": "GSD-2017-6460",
"references": [
"https://www.suse.com/security/cve/CVE-2017-6460.html",
"https://ubuntu.com/security/CVE-2017-6460"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-6460"
],
"details": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.",
"id": "GSD-2017-6460",
"modified": "2023-12-13T01:21:09.818295Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97052"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3377",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2017-6460",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6460"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3377",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"name": "97052",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2017-6460",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-10-24T01:29Z",
"publishedDate": "2017-03-27T17:59Z"
}
}
}
CNVD-2017-04230
Vulnerability from cnvd - Published: 2017-04-11
VLAI Severity ?
Title
NTP缓冲区溢出漏洞(CNVD-2017-04230)
Description
Network Time Protocol(NTP)是用来使计算机时间同步化的一种协议。
NTP存在缓冲区溢出漏洞,攻击者利用该漏洞执行任意代码,失败的攻击会造成拒绝服务。
Severity
中
Patch Name
NTP缓冲区溢出漏洞(CNVD-2017-04230)的补丁
Patch Description
Network Time Protocol(NTP)是用来使计算机时间同步化的一种协议。
NTP存在缓冲区溢出漏洞,攻击者利用该漏洞执行任意代码,失败的攻击会造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ntp.org/
Reference
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
http://www.securityfocus.com/bid/97052
Impacted products
| Name | ['Ntp NTPd <4.2.8p10', 'Ntp NTPd 4.3.x,<4.3.94'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "97052"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-6460"
}
},
"description": "Network Time Protocol\uff08NTP\uff09\u662f\u7528\u6765\u4f7f\u8ba1\u7b97\u673a\u65f6\u95f4\u540c\u6b65\u5316\u7684\u4e00\u79cd\u534f\u8bae\u3002\r\n\r\nNTP\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "unknown",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.ntp.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-04230",
"openTime": "2017-04-11",
"patchDescription": "Network Time Protocol\uff08NTP\uff09\u662f\u7528\u6765\u4f7f\u8ba1\u7b97\u673a\u65f6\u95f4\u540c\u6b65\u5316\u7684\u4e00\u79cd\u534f\u8bae\u3002\r\n\r\nNTP\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "NTP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-04230\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Ntp NTPd \u003c4.2.8p10",
"Ntp NTPd 4.3.x\uff0c\u003c4.3.94"
]
},
"referenceLink": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\r\nhttp://www.securityfocus.com/bid/97052",
"serverity": "\u4e2d",
"submitTime": "2017-03-23",
"title": "NTP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-04230\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…