CVE-2017-6462 Information

Description

Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://support.ntp.org/bin/view/Main/NtpBug3388 http://support.ntp.org/bin/view/Main/SecurityNoticeMarch_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/bid/97045 http://www.securitytracker.com/id/1038123 https://access.redhat.com/errata/RHSA-2017:3071 https://access.redhat.com/errata/RHSA-2018:0855 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc https://support.apple.com/HT208144 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us https://usn.ubuntu.com/3707-2/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8