{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-09T20:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2018:3854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3854"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"}, {"name": "104517", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104517"}, {"name": "44909", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44909/"}, {"name": "RHSA-2018:3853", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3853"}, {"name": "GLSA-201903-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-15"}, {"name": "RHSA-2019:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2077"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"name": "USN-4229-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4229-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12327", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:3854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3854"}, {"name": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f", "refsource": "MISC", "url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"}, {"name": "104517", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104517"}, {"name": "44909", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44909/"}, {"name": "RHSA-2018:3853", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3853"}, {"name": "GLSA-201903-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-15"}, {"name": "RHSA-2019:2077", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2077"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"name": "USN-4229-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4229-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:30:59.728Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:3854", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3854"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"}, {"name": "104517", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104517"}, {"name": "44909", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44909/"}, {"name": "RHSA-2018:3853", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3853"}, {"name": "GLSA-201903-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-15"}, {"name": "RHSA-2019:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2077"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"name": "USN-4229-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4229-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12327", "datePublished": "2018-06-20T14:00:00", "dateReserved": "2018-06-13T00:00:00", "dateUpdated": "2024-08-05T08:30:59.728Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*", "matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en ntpq y ntpdc en NTP 4.2.8p11 permite que un atacante logre la ejecuci\u00f3n de c\u00f3digo o escale a mayores privilegios mediante una cadena larga en el argumento para un par\u00e1metro command-line IPv4 o IPv6. NOTA: no se sabe a ciencia cierta si hay situaciones comunes en las que se emplea ntpq o ntpdc con una l\u00ednea de comando de un origen no fiable."}], "id": "CVE-2018-12327", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-20T14:29:00.227", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104517"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3853"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3854"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2077"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201903-15"}, {"source": "cve@mitre.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4229-1/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44909/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3854", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ntp-0:4.2.6p5-15.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-12-19T00:00:00Z"}, {"advisory": "RHSA-2018:3853", "cpe": "cpe:/o:redhat:rhel_eus:6.7", "package": "ntp-0:4.2.6p5-5.el6_7.6", "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date": "2018-12-19T00:00:00Z"}, {"advisory": "RHSA-2019:2077", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ntp-0:4.2.6p5-29.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:1470", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "ntp-0:4.2.6p5-28.el7_6.1", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-04-14T00:00:00Z"}], "bugzilla": {"description": "ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution", "id": "1593580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593580"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.", "The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application."], "name": "CVE-2018-12327", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2018-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-12327\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12327"], "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}