CVE-2018-12327
Published 2018-06-20
Priority P2 · 65 · critical · 9.8 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 29.04% (97.9th percentile)
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ntp | — | — |
| ntp | ntp | — | — |
Detection & IOCs
- The overflow is triggered in the `openhost` function when a long string (≥300 bytes) is passed as an IPv4 (-4) or IPv6 (-6) command-line argument to ntpq or ntpdc. Monitor process execution of ntpq/ntpdc with abnormally long argument strings.
- Crash/exploitation manifests in `openhost` at ntpq.c:655 or ntpdc.c:413. Stack traces showing `openhost` with oversized hostname arguments are a strong indicator of exploitation attempts.
- Applications invoking ntpq or ntpdc with untrusted/external input as hostname arguments are the primary attack surface. Audit pipelines or scripts that pass user-controlled strings to these utilities.
- Exploitation requires the attacker to control the command-line arguments passed to ntpq or ntpdc; direct network exploitation is not possible. The practical risk depends on whether these utilities are invoked with untrusted input.
- Red Hat rates this as Low severity and does not plan to fix it in RHEL 5 (Extended Life Phase). RHEL 7 may receive a future update but it is not guaranteed.
- The Debian tracker lists this as still open in bullseye, meaning patched packages may not be available across all distributions.
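The argument-length monitoring described in the list above, as an added example (not code from the page's sources or from the NTP project): it parses auditd-style EXECVE records and flags ntpq/ntpdc executions that carry an over-long argument. The sample records are constructed, the 253-byte limit is an assumption, and each argument is assumed to fit in a single `aN=` field.

```python
import os
import re

# Assumption: 253 is the longest valid DNS name in text form, so anything
# longer is not a plausible host; the page reports the overflow at >= 300 bytes.
MAX_HOST_LEN = 253
TARGETS = {"ntpq", "ntpdc"}
ARG_RE = re.compile(r'\ba(\d+)=("[^"]*"|\S+)')

def decode_arg(raw):
    """auditd quotes plain arguments and hex-encodes ones with special bytes."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("latin-1")
    except ValueError:
        return raw

def parse_execve(line):
    """Return argv from one EXECVE record, or None for other record types."""
    if "type=EXECVE" not in line:
        return None
    args = {int(i): decode_arg(v) for i, v in ARG_RE.findall(line)}
    return [args[i] for i in sorted(args)]

def suspicious(argv, limit=MAX_HOST_LEN):
    """True for ntpq/ntpdc runs carrying an argument longer than `limit`."""
    if not argv or os.path.basename(argv[0]) not in TARGETS:
        return False
    return any(len(a) > limit for a in argv[1:])

def scan(lines, limit=MAX_HOST_LEN):
    """Return (tool, longest_argument_length) for every flagged execution."""
    hits = []
    for line in lines:
        argv = parse_execve(line)
        if argv and suspicious(argv, limit):
            hits.append((os.path.basename(argv[0]), max(map(len, argv[1:]))))
    return hits

# Constructed sample records (not taken from a real host).
HDR = "type=EXECVE msg=audit(1529500000.{}:{}): argc={} "
SAMPLE = [
    HDR.format(101, 41, 3) + 'a0="ntpq" a1="-p" a2="pool.example.org"',
    HDR.format(202, 42, 3) + 'a0="/usr/bin/ntpq" a1="-4" a2="' + "A" * 300 + '"',
    HDR.format(303, 43, 3) + 'a0="ntpdc" a1="-6" a2=' + "41" * 320,
    HDR.format(404, 44, 2) + 'a0="cat" a1="' + "B" * 400 + '"',
]
```

`scan(SAMPLE)` flags the second and third records only; the same `suspicious()` check can sit in front of a script that passes external input to ntpq or ntpdc, rejecting the value before the tool is invoked.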
CVSS provenance
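| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | LOW | |
| vendor_redhat | | 9.8 | CRITICAL | |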
Ubuntu
NTP vulnerability
vendor_ubuntu·2021-03-15
CVE-2018-12327 NTP vulnerability
Title: NTP vulnerability
Summary: NTP could be made to crash or run programs if it received
specially crafted network traffic.
USN-4229-1 fixed a vulnerability in NTP. This update provides the
corresponding update for Ubuntu 18.04 ESM.
Original advisory details:
It was discovered that ntpq and ntpdc incorrectly handled some arguments.
An attacker could possibly use this issue to cause ntpq or ntpdc to crash,
execute arbitrary code, or escalate to higher privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
NTP vulnerability
vendor_ubuntu·2020-01-09
CVE-2018-12327 NTP vulnerability
Title: NTP vulnerability
Summary: A security issue was fixed in ntpq and ntpdc.
It was discovered that ntpq and ntpdc incorrectly handled some arguments.
An attacker could possibly use this issue to cause ntpq or ntpdc to crash,
execute arbitrary code, or escalate to higher privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
vendor_redhat·2018-06-20·CVSS 9.8
CVE-2018-12327 [CRITICAL] CWE-121 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application.
Statement: Thi
Debian
CVE-2018-12327: ntp - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an ...
vendor_debian·2018·CVSS 9.8
CVE-2018-12327 [CRITICAL] CVE-2018-12327: ntp - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an ...
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Scope: local
bullseye: open
GHSA
GHSA-gmx7-j3pp-2gxp: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4
ghsa_unreviewed·2022-05-13
CVE-2018-12327 [CRITICAL] CWE-787 GHSA-gmx7-j3pp-2gxp: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
OSV
CVE-2018-12327: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4
osv·2018-06-20·CVSS 9.8
CVE-2018-12327 [CRITICAL] CVE-2018-12327: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
No detection rules found.
arXiv
Exploring the Limits of ChatGPT in Software Security Applications
arxiv_fulltext·2023-12-08
## Abstract
Large language models (LLMs) have undergone rapid evolution and achieved remarkable results in recent times. OpenAI's ChatGPT, backed by GPT-3.5 or GPT-4, has gained instant popularity due to its strong capability across a wide range of tasks, including natural language tasks, coding, mathematics, and engaging conversations. However, the impacts and limits of such LLMs in system security domain are less explored.
In this paper, we delve into the limits of LLMs (i.e., ChatGPT) in seven software security applications including vulnerability detection/repair, debugging, debloating, decompilation, patching, root cause analysis, symbolic execution, and fuzzing. Our exploration reveals that ChatGPT not only excels at generating code, which is the conventional application of languag
Bugzilla
CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution [fedora-all]
bugzilla·2018-06-21·CVSS 9.8
CVE-2018-12327 [CRITICAL] CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: th
Bugzilla
CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
bugzilla·2018-06-21·CVSS 9.8
CVE-2018-12327 [CRITICAL] CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
References:
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
Discussion:
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1593581]
---
Vulnerable code:
623 static int
624 openhost(
625 const char *hname
626 )
627 {
628 char temphost[LENHOSTNAME];
629 int a_info, i;
630 struct a
http://www.securityfocus.com/bid/104517
https://access.redhat.com/errata/RHSA-2018:3853
https://access.redhat.com/errata/RHSA-2018:3854
https://access.redhat.com/errata/RHSA-2019:2077
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
https://security.gentoo.org/glsa/201903-15
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/4229-1/
https://www.exploit-db.com/exploits/44909/