Menu
What's new
By:
Filters Better Search

ntp.org [4.2.8p15/ntpq] Exploit

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

PR3MIUM said:
ntp.org [4.2.8p15/ntpq] Exploit.

Source:
github.com

GitHub - spwpun/ntp-4.2.8p15-cves: 5 cves of ntp 4.2.8p15 founded by me.

5 cves of ntp 4.2.8p15 founded by me. Contribute to spwpun/ntp-4.2.8p15-cves development by creating an account on GitHub.
github.com github.com

CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555
Click to expand...



github.com

ntpd is not vulnerable · Issue #1 · spwpun/ntp-4.2.8p15-cves

The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable...
github.com github.com

ntpd is not vulnerable #1 :

The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd.
The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable to manipulated devices of that type, but not to remote attacks.
Click to expand...
Did you see the guys name and bio? I would wait for professionals to assess this before worrying.
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Click to expand...

NVD - CVE-2023-26551

nvd.nist.gov nvd.nist.gov

Little Fix:
github.com

ntpd is not vulnerable · Issue #1 · spwpun/ntp-4.2.8p15-cves

The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable...
github.com github.com
 
You must log in or register to reply here.

Similar threads

PR3MIUM
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Replies
1
Views
169
DJones
D
PR3MIUM
Release ASUS GT-BE25000 Firmware version 3.0.0.6.102_34372
Replies
0
Views
943
PR3MIUM
PR3MIUM
PR3MIUM
  • Locked
Release ASUS RT-BE96U Firmware version 3.0.0.6.102_34488
Replies
1
Views
1K
RogerSC
R
d5aqoep
ASUS GT-AX11000 PRO Firmware version 3.0.0.4.388_24721 (5th March 2024)
Replies
0
Views
1K
d5aqoep
d5aqoep
Thermaltake
Release ASUS RT-AX88U Firmware version 3.0.0.4.388_23748
2
Replies
26
Views
8K
Gregory Phillips
Gregory Phillips

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 801 (members: 18, guests: 783)
Top