A vulnerability was found in NTP, in the building of response packets with custom fields. If custom fields were configured in ntp.conf with particularly long names, inclusion of these fields in the response packet could cause a buffer overflow, leading to a crash.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | ntp | 2017-04-20 05:54 | ALAS-2017-816 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.1 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
NVD | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |