CVE-2018-12327 - OpenCVE

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ntp	Ntp

Configuration 1 [-]

cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/104517	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3853
https://access.redhat.com/errata/RHSA-2018:3854
https://access.redhat.com/errata/RHSA-2019:2077
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f	Exploit Third Party Advisory
https://security.gentoo.org/glsa/201903-15
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/4229-1/
https://www.exploit-db.com/exploits/44909/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-20T14:00:00

Updated: 2020-01-09T20:06:08

Reserved: 2018-06-13T00:00:00

Link: CVE-2018-12327

JSON object: View

NVD Information

Status : Modified

Published: 2018-06-20T14:29:00.227

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-12327

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-09T20:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2018:3854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3854"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"}, {"name": "104517", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104517"}, {"name": "44909", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44909/"}, {"name": "RHSA-2018:3853", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3853"}, {"name": "GLSA-201903-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-15"}, {"name": "RHSA-2019:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2077"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"name": "USN-4229-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4229-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12327", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:3854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3854"}, {"name": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f", "refsource": "MISC", "url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"}, {"name": "104517", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104517"}, {"name": "44909", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44909/"}, {"name": "RHSA-2018:3853", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3853"}, {"name": "GLSA-201903-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-15"}, {"name": "RHSA-2019:2077", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2077"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"name": "USN-4229-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4229-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12327", "datePublished": "2018-06-20T14:00:00", "dateReserved": "2018-06-13T00:00:00", "dateUpdated": "2020-01-09T20:06:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*", "matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en ntpq y ntpdc en NTP 4.2.8p11 permite que un atacante logre la ejecuci\u00f3n de c\u00f3digo o escale a mayores privilegios mediante una cadena larga en el argumento para un par\u00e1metro command-line IPv4 o IPv6. NOTA: no se sabe a ciencia cierta si hay situaciones comunes en las que se emplea ntpq o ntpdc con una l\u00ednea de comando de un origen no fiable."}], "id": "CVE-2018-12327", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-20T14:29:00.227", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104517"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3853"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3854"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2077"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201903-15"}, {"source": "cve@mitre.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4229-1/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44909/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}