CVE-2017-6455 — Code Injection in Apple Macos High Sierra

CWE-94 — Code Injection6 documents6 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 82.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos High Sierra NTP Debian NTP

Timeline

PublishedMar 27

Latest updateMay 17

Description

NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶NVDntp/ntp95 versions+94

▶debiandebian/ntp

▶Appleapple/macos_high_sierra10.13

Patches

Patch: support.ntp.org ↗Patch: support.ntp.org ↗

🔴Vulnerability Details

GHSA

GHSA-xcr3-hhwm-r755: NTP before 4↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2017-6455: macOS High Sierra 10.13↗2017-09-25

▶

Red Hat

ntp: Privileged execution of User Library code↗2017-03-21

▶

Debian

CVE-2017-6455: ntp - NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local use...↗2017

▶

💬Community

Bugzilla

CVE-2017-6455 ntp: Privileged execution of User Library code↗2017-03-24

▶