{"id":"MGASA-2017-0134","summary":"Updated ntp packages fix security vulnerability","details":"A vulnerability was found in NTP, in the legacy MX4200 refclock\nimplementation. If this refclock was compiled in and used, an attacker may\nbe able to induce stack overflow, leading to a crash or potential code\nexecution (CVE-2017-6451).\n\nA vulnerability was found in NTP, in the building of response packets with\ncustom fields. If custom fields were configured in ntp.conf with\nparticularly long names, inclusion of these fields in the response packet\ncould cause a buffer overflow, leading to a crash (CVE-2017-6458).\n\nA vulnerability was found in NTP, in the parsing of packets from the\n/dev/datum device. A malicious device could send crafted messages, causing\nntpd to crash (CVE-2017-6462).\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. A remote, authenticated attacker could cause\nntpd to crash by sending a crafted message (CVE-2017-6463).\n\nA vulnerability was discovered in the NTP server's parsing of\nconfiguration directives. A remote, authenticated attacker could cause\nntpd to crash by sending a crafted message (CVE-2017-6464).\n","modified":"2026-02-04T03:33:36.873727Z","published":"2017-05-09T06:35:29Z","related":["CVE-2017-6451","CVE-2017-6458","CVE-2017-6462","CVE-2017-6463","CVE-2017-6464"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0134.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20595"},{"type":"REPORT","url":"http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"}],"affected":[{"package":{"name":"ntp","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/ntp?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.6p5-24.8.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0134.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}