CVE-2017-6462

high

Description

Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

References

http://support.ntp.org/bin/view/Main/NtpBug3388

http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

http://www.securityfocus.com/bid/97045

http://www.securitytracker.com/id/1038123

https://access.redhat.com/errata/RHSA-2017:3071

https://access.redhat.com/errata/RHSA-2018:0855

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc

https://support.apple.com/HT208144

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

https://usn.ubuntu.com/3707-2/

Details

Source: MITRE

Published: 2017-03-27

Updated: 2019-01-24

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH