Last update: April 22, 2024 18:49 UTC (7e7bd5857)
| Resolved | 27 Feb 2018 | DATE |
|---|---|---|
| References | Bug 3414 | CVE-2018-7183 |
| Affects | ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11. |
Resolved in 4.2.8p11. |
| CVSS2 Score | MED 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| CVSS3 Score | MED 5.0 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
ntpq is a monitoring and control program for ntpd. decodearr() is an internal function of ntpq that is used to – wait for it – decode an array in a response string when formatted data is being displayed. This is a problem in affected versions of ntpq if a maliciously-altered ntpd returns an array result that will trip this bug, or if a bad actor is able to read an ntpq request on its way to a remote ntpd server and forge and send a response before the remote ntpd sends its response. It’s potentially possible that the malicious data could become injectable/executable code.
This weakness was discovered by Michael Macnair of Thales e-Security.