Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 650016 - net-misc/ntp: Arbitrary code execution via ntpq query
Summary: net-misc/ntp: Arbitrary code execution via ntpq query
Status: RESOLVED DUPLICATE of bug 649612
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-09 15:36 UTC by GLSAMaker/CVETool Bot
Modified: 2018-03-13 18:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-09 15:36:08 UTC
CVE-2018-7183 (https://nvd.nist.gov/vuln/detail/CVE-2018-7183):
  Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through
  4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an
  ntpq query and sending a response with a crafted array.


@Maintainers could you confirm if we are affected in stable version 4.2.8_p10-r1?

Thank you
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-13 18:27:14 UTC

*** This bug has been marked as a duplicate of bug 649612 ***