CVE-2017-6462

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

References

http://support.ntp.org/bin/view/Main/NtpBug3388

http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

http://www.securityfocus.com/bid/97045

http://www.securitytracker.com/id/1038123

https://access.redhat.com/errata/RHSA-2017:3071

https://access.redhat.com/errata/RHSA-2018:0855

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc

https://support.apple.com/HT208144

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

https://usn.ubuntu.com/3707-2/

Details

Source: MITRE

Published: 2017-03-27

Updated: 2019-01-24

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*

Tenable Plugins

View all (38 total)

IDNameProductFamilySeverity
128941EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2019-1938)NessusHuawei Local Security Checks
high
127378NewStart CGSL MAIN 4.05 : ntp Multiple Vulnerabilities (NS-SA-2019-0127)NessusNewStart CGSL Local Security Checks
high
127193NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Multiple Vulnerabilities (NS-SA-2019-0029)NessusNewStart CGSL Local Security Checks
high
125008EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1555)NessusHuawei Local Security Checks
high
700511macOS < 10.13 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
121678Photon OS 1.0: Ntp PHSA-2017-0010NessusPhotonOS Local Security Checks
high
119823OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290)NessusOracleVM Local Security Checks
critical
119235Virtuozzo 6 : ntp / ntp-doc / ntp-perl / ntpdate (VZLSA-2017-3071)NessusVirtuozzo Local Security Checks
high
111859Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated)NessusPhotonOS Local Security Checks
critical
109688Amazon Linux 2 : ntp (ALAS-2018-1009)NessusAmazon Linux Local Security Checks
high
109453Scientific Linux Security Update : ntp on SL7.x x86_64 (20180410)NessusScientific Linux Local Security Checks
high
109375CentOS 7 : ntp (CESA-2018:0855)NessusCentOS Local Security Checks
high
109109Oracle Linux 7 : ntp (ELSA-2018-0855)NessusOracle Linux Local Security Checks
high
108989RHEL 7 : ntp (RHSA-2018:0855)NessusRed Hat Local Security Checks
high
106504pfSense < 2.3.4 Multiple Vulnerabilities (SA-17_04)NessusFirewalls
critical
105399F5 Networks BIG-IP : NTP vulnerability (K07082049)NessusF5 Networks Local Security Checks
high
104217CentOS 6 : ntp (CESA-2017:3071)NessusCentOS Local Security Checks
high
104206Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20171026)NessusScientific Linux Local Security Checks
high
104204OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0165)NessusOracleVM Local Security Checks
high
104199Oracle Linux 6 : ntp (ELSA-2017-3071)NessusOracle Linux Local Security Checks
high
104170RHEL 6 : ntp (RHSA-2017:3071)NessusRed Hat Local Security Checks
high
103598macOS < 10.13 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
102131AIX NTP v4 Advisory : ntp_advisory9.asc (IV96311) (IV96312)NessusAIX Local Security Checks
high
102130AIX NTP v3 Advisory : ntp_advisory9.asc (IV96305) (IV96306) (IV96307) (IV96308) (IV96309) (IV96310)NessusAIX Local Security Checks
high
101588Fedora 26 : ntp (2017-20d54b2782)NessusFedora Local Security Checks
high
101311EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1125)NessusHuawei Local Security Checks
medium
101310EulerOS 2.0 SP1 : ntp (EulerOS-SA-2017-1124)NessusHuawei Local Security Checks
medium
101263Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ntp vulnerabilities (USN-3349-1)NessusUbuntu Local Security Checks
high
100496FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (3c0237f5-420e-11e7-82c5-14dae9d210b8)NessusFreeBSD Local Security Checks
high
99700openSUSE Security Update : ntp (openSUSE-2017-511)NessusSuSE Local Security Checks
high
99597Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2017-112-02)NessusSlackware Local Security Checks
high
99529Amazon Linux AMI : ntp (ALAS-2017-816)NessusAmazon Linux Local Security Checks
high
99469SUSE SLES11 Security Update : ntp (SUSE-SU-2017:1052-1)NessusSuSE Local Security Checks
high
99468SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)NessusSuSE Local Security Checks
high
99467SUSE SLES12 Security Update : ntp (SUSE-SU-2017:1047-1)NessusSuSE Local Security Checks
high
99445Fedora 24 : ntp (2017-72323a442f)NessusFedora Local Security Checks
high
99053Fedora 25 : ntp (2017-5ebac1c112)NessusFedora Local Security Checks
high
97988Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p10 Multiple VulnerabilitiesNessusMisc.
high