Vulnerability Description
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | 4.2.8 |
Related Weaknesses (CWE)
References
- http://support.ntp.org/bin/view/Main/NtpBug3388PatchVendor Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Vendor Advisory
- http://www.securityfocus.com/bid/97045Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038123Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:3071
- https://access.redhat.com/errata/RHSA-2018:0855
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
- https://support.apple.com/HT208144
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe
- https://usn.ubuntu.com/3707-2/
- http://support.ntp.org/bin/view/Main/NtpBug3388PatchVendor Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Vendor Advisory
- http://www.securityfocus.com/bid/97045Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038123Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:3071
FAQ
What is CVE-2017-6462?
CVE-2017-6462 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datu...
How severe is CVE-2017-6462?
CVE-2017-6462 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6462?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp.