658576 – (CVE-2018-12327) <net-misc/ntp-4.2.8_p12: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)

Bug 658576 (CVE-2018-12327) - <net-misc/ntp-4.2.8_p12: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)

Summary: <net-misc/ntp-4.2.8_p12: Stack-based buffer overflow in ntpq and ntpdc allows...

Status:	RESOLVED FIXED

Alias:	CVE-2018-12327

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://gist.github.com/fakhrizulkifl...
Whiteboard:	A2 [glsa+ cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-06-20 15:24 UTC by Florian Schuhmacher
Modified:	2019-03-19 03:21 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	net-misc/ntp-4.2.8_p12
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Schuhmacher 2018-06-20 15:24:24 UTC

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. 

Gentoo Security Scout
Florian Schuhmacher

Comment 1 D'juan McDonald (domhnall) 2018-12-18 00:18:36 UTC

upstream reference: http://support.ntp.org/bin/view/Main/NtpBug3505

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2018-12-18 00:21:55 UTC

Note: This problem affects only command line tools and not the server. As these command line tools are usually not run with attacker input A2 is probably overrated.

Comment 3 Rolf Eike Beer archtester

2018-12-19 05:58:55 UTC

sparc stable

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2018-12-20 01:30:10 UTC

x86 stable

Comment 5 Matt Turner gentoo-dev

2018-12-23 03:20:46 UTC

alpha stable

Comment 6 Mikle Kolyada (RETIRED) archtester

2018-12-23 12:25:51 UTC

amd64 stable

Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev

2018-12-26 11:05:12 UTC

ia64 stable

Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev

2018-12-26 11:06:42 UTC

If you want faster stabilization next time please consider fixing testsuite on platforms that don't support -Wl,gc-sections (has a reproducer for amd64):
    https://bugs.gentoo.org/564018#c11

Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev

2018-12-26 14:02:30 UTC

ppc64 stable

Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev

2018-12-26 14:03:05 UTC

ppc stable

Comment 11 Markus Meier gentoo-dev

2019-01-02 12:13:36 UTC

arm stable

Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev

2019-01-03 18:58:49 UTC

hppa stable

Comment 13 Mart Raudsepp gentoo-dev

2019-01-04 00:47:05 UTC

arm64 stable

Comment 14 Mikle Kolyada (RETIRED) archtester

2019-01-04 10:02:28 UTC

base-system is done here

Comment 15 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2019-01-04 10:21:18 UTC

(In reply to Mikle Kolyada from comment #14)
> base-system is done here

And yet it's still a base-sysdtem package, so I'd like to keep b-s in CC.

Comment 16 GLSAMaker/CVETool Bot gentoo-dev

2019-03-19 03:21:37 UTC

This issue was resolved and addressed in
 GLSA 201903-15 at https://security.gentoo.org/glsa/201903-15
by GLSA coordinator Aaron Bauman (b-man).