Vulnerability Details : CVE-2017-6464
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2017-6464
- cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6464
- 1.94%: probability of exploitation activity in the next 30 days
- ~82%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6464
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2017-6464
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6464
- http://www.securityfocus.com/bid/97050
  NTP CVE-2017-6464 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:0855
  RHSA-2018:0855 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:3071
  RHSA-2017:3071 - Security Advisory - Red Hat Customer Portal
- http://support.ntp.org/bin/view/Main/NtpBug3389
  NtpBug3389 < Main < NTP (Patch; Vendor Advisory)
- https://support.apple.com/HT208144
  About the security content of macOS High Sierra 10.13 - Apple Support
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
- http://www.securitytracker.com/id/1038123
  ntp Multiple Bugs Let Remote or Local Users Cause the Target Service to Crash - SecurityTracker (Third Party Advisory; VDB Entry)
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
  SecurityNotice < Main < NTP (Vendor Advisory)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
  HPESBUX03962 rev.1 - HP-UX NTP service, multiple vulnerabilities