Bug 1550208 (CVE-2018-7182) - CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem()
Summary: CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem()
Keywords:
Status: NEW
Alias: CVE-2018-7182
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1550228 1550229
Blocks: 1550226
TreeView+ depends on / blocked
 
Reported: 2018-02-28 19:25 UTC by Pedro Sampaio
Modified: 2019-09-29 14:33 UTC (History)
2 users (show)

Fixed In Version: ntp 4.2.8p11
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2018-02-28 19:25:12 UTC
ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause ctl_getitem() to read past the end of its buffer.

References:

http://support.ntp.org/bin/view/Main/NtpBug3412

Comment 1 Pedro Sampaio 2018-02-28 19:52:10 UTC
Created ntp tracking bugs for this issue:

Affects: fedora-all [bug 1550228]


Note You need to log in before you can comment on or make changes to this bug.