Menu
What's new
By:
Filters Better Search

ntp.org [4.2.8p15/ntpq] Exploit

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

PR3MIUM said:
ntp.org [4.2.8p15/ntpq] Exploit.

Source:
github.com

GitHub - spwpun/ntp-4.2.8p15-cves: 5 cves of ntp 4.2.8p15 founded by me.

5 cves of ntp 4.2.8p15 founded by me. Contribute to spwpun/ntp-4.2.8p15-cves development by creating an account on GitHub.
github.com github.com

CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555
Click to expand...



github.com

ntpd is not vulnerable · Issue #1 · spwpun/ntp-4.2.8p15-cves

The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable...
github.com github.com

ntpd is not vulnerable #1 :

The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd.
The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable to manipulated devices of that type, but not to remote attacks.
Click to expand...
Did you see the guys name and bio? I would wait for professionals to assess this before worrying.
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Click to expand...

NVD - CVE-2023-26551

nvd.nist.gov nvd.nist.gov

Little Fix:
github.com

ntpd is not vulnerable · Issue #1 · spwpun/ntp-4.2.8p15-cves

The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable...
github.com github.com
 
You must log in or register to reply here.

Similar threads

d5aqoep
ASUS GT-AX11000 PRO Firmware version 3.0.0.4.388_24721 (5th March 2024)
Replies
0
Views
565
d5aqoep
d5aqoep
Thermaltake
Release ASUS RT-AX88U Firmware version 3.0.0.4.388_23748
2
Replies
26
Views
6K
Gregory Phillips
Gregory Phillips
RMerlin
Release Asuswrt-Merlin 386.13 / 386.13_2 is now available for AC models
2 3
Replies
44
Views
7K
Unisoft
U
octopus
  • Locked
[ 386.13 alpha Build(s) ] Testing available build(s)
2 3
Replies
46
Views
6K
octopus
octopus
RMerlin
  • Locked
Beta Asuswrt-Merlin 386.13 beta is now available for AC models
2
Replies
32
Views
4K
RMerlin
RMerlin
Similar threads
Thread starter Title Forum Replies Date
Stardust NAS NTP with minimum security risk General Network Security 16

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 986 (members: 22, guests: 964)
Top