MEDIUM
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
http://support.ntp.org/bin/view/Main/NtpBug3388
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
http://www.securityfocus.com/bid/97045
http://www.securitytracker.com/id/1038123
https://access.redhat.com/errata/RHSA-2017:3071
https://access.redhat.com/errata/RHSA-2018:0855
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
Source: MITRE
Published: 2017-03-27
Updated: 2019-01-24
Type: CWE-119
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
OR
cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125008 | EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1555) | Nessus | Huawei Local Security Checks | high |
| 700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 121678 | Photon OS 1.0: Ntp PHSA-2017-0010 | Nessus | PhotonOS Local Security Checks | high |
| 119823 | OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290) | Nessus | OracleVM Local Security Checks | high |
| 119235 | Virtuozzo 6 : ntp / ntp-doc / ntp-perl / ntpdate (VZLSA-2017-3071) | Nessus | Virtuozzo Local Security Checks | medium |
| 111859 | Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 109688 | Amazon Linux 2 : ntp (ALAS-2018-1009) | Nessus | Amazon Linux Local Security Checks | high |
| 109453 | Scientific Linux Security Update : ntp on SL7.x x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 109375 | CentOS 7 : ntp (CESA-2018:0855) | Nessus | CentOS Local Security Checks | medium |
| 109109 | Oracle Linux 7 : ntp (ELSA-2018-0855) | Nessus | Oracle Linux Local Security Checks | medium |
| 108989 | RHEL 7 : ntp (RHSA-2018:0855) | Nessus | Red Hat Local Security Checks | medium |
| 106504 | pfSense < 2.3.4 Multiple Vulnerabilities (SA-17_04) | Nessus | Firewalls | high |
| 105399 | F5 Networks BIG-IP : NTP vulnerability (K07082049) | Nessus | F5 Networks Local Security Checks | medium |
| 104217 | CentOS 6 : ntp (CESA-2017:3071) | Nessus | CentOS Local Security Checks | medium |
| 104206 | Scientific Linux Security Update : ntp on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 104204 | OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0165) | Nessus | OracleVM Local Security Checks | high |
| 104199 | Oracle Linux 6 : ntp (ELSA-2017-3071) | Nessus | Oracle Linux Local Security Checks | medium |
| 104170 | RHEL 6 : ntp (RHSA-2017:3071) | Nessus | Red Hat Local Security Checks | medium |
| 103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 102131 | AIX NTP v4 Advisory : ntp_advisory9.asc (IV96311) (IV96312) | Nessus | AIX Local Security Checks | medium |
| 102130 | AIX NTP v3 Advisory : ntp_advisory9.asc (IV96305) (IV96306) (IV96307) (IV96308) (IV96309) (IV96310) | Nessus | AIX Local Security Checks | medium |
| 101588 | Fedora 26 : ntp (2017-20d54b2782) | Nessus | Fedora Local Security Checks | medium |
| 101311 | EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1125) | Nessus | Huawei Local Security Checks | high |
| 101310 | EulerOS 2.0 SP1 : ntp (EulerOS-SA-2017-1124) | Nessus | Huawei Local Security Checks | high |
| 101263 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ntp vulnerabilities (USN-3349-1) | Nessus | Ubuntu Local Security Checks | high |
| 100496 | FreeBSD : FreeBSD -- Multiple vulnerabilities of ntp (3c0237f5-420e-11e7-82c5-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |
| 99700 | openSUSE Security Update : ntp (openSUSE-2017-511) | Nessus | SuSE Local Security Checks | medium |
| 99597 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2017-112-02) | Nessus | Slackware Local Security Checks | medium |
| 99529 | Amazon Linux AMI : ntp (ALAS-2017-816) | Nessus | Amazon Linux Local Security Checks | medium |
| 99469 | SUSE SLES11 Security Update : ntp (SUSE-SU-2017:1052-1) | Nessus | SuSE Local Security Checks | medium |
| 99468 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1) | Nessus | SuSE Local Security Checks | medium |
| 99467 | SUSE SLES12 Security Update : ntp (SUSE-SU-2017:1047-1) | Nessus | SuSE Local Security Checks | medium |
| 99445 | Fedora 24 : ntp (2017-72323a442f) | Nessus | Fedora Local Security Checks | medium |
| 99053 | Fedora 25 : ntp (2017-5ebac1c112) | Nessus | Fedora Local Security Checks | medium |
| 97988 | Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p10 Multiple Vulnerabilities | Nessus | Misc. | medium |