Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 650016

Summary: net-misc/ntp: Arbitrary code execution via ntpq query
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [ebuild cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-09 15:36:08 UTC
CVE-2018-7183 (https://nvd.nist.gov/vuln/detail/CVE-2018-7183):
  Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through
  4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an
  ntpq query and sending a response with a crafted array.


@Maintainers could you confirm if we are affected in stable version 4.2.8_p10-r1?

Thank you
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-13 18:27:14 UTC

*** This bug has been marked as a duplicate of bug 649612 ***