CVE-2018-12327
CVE-2018-12327
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/44909/unverifiedexploitdbwww.exploit-db.com/exploits/44909unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2018:3853https://access.redhat.com/errata/RHSA-2018:3854https://access.redhat.com/errata/RHSA-2019:2077https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011fhttps://security.gentoo.org/glsa/201903-15https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://usn.ubuntu.com/4229-1/https://www.exploit-db.com/exploits/44909/http://www.securityfocus.com/bid/104517