CVE-2017-6451 Information

Feb 14, 2021 cve

Description

The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function which allows local users to execute arbitrary code via unspecified vectors which trigger an out-of-bounds memory write.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://support.ntp.org/bin/view/Main/NtpBug3378 http://support.ntp.org/bin/view/Main/SecurityNoticeMarch_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/bid/97058 http://www.securitytracker.com/id/1038123 http://www.securitytracker.com/id/1039427 https://support.apple.com/HT208144 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: