CVE-2018-12327

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

Desbordamiento de búfer basado en pila en ntpq y ntpdc en NTP 4.2.8p11 permite que un atacante logre la ejecución de código o escale a mayores privilegios mediante una cadena larga en el argumento para un parámetro command-line IPv4 o IPv6. NOTA: no se sabe a ciencia cierta si hay situaciones comunes en las que se emplea ntpq o ntpdc con una línea de comando de un origen no fiable.

The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.

The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-06-13 CVE Reserved
2018-06-20 CVE Published
2018-06-21 First Exploit
2024-08-05 CVE Updated
2025-04-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (12)

URL	Tag	Source
http://www.securityfocus.com/bid/104517	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us	X_refsource_confirm

URL	Date	SRC
https://packetstorm.news/files/id/148271	2018-06-21
https://www.exploit-db.com/exploits/44909	2024-08-05
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f	2024-08-05

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:3853	2020-08-24
https://access.redhat.com/errata/RHSA-2018:3854	2020-08-24
https://access.redhat.com/errata/RHSA-2019:2077	2020-08-24
https://security.gentoo.org/glsa/201903-15	2020-08-24
https://usn.ubuntu.com/4229-1	2020-08-24
https://access.redhat.com/security/cve/CVE-2018-12327	2020-04-14
https://bugzilla.redhat.com/show_bug.cgi?id=1593580	2020-04-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p11		Affected