CVE-2017-6463

Summary

CVE	CVE-2017-6463
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-03-27 17:59:00 UTC
Updated	2019-01-24 11:29:00 UTC
Description	NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ntp	Ntp	4.2.8	p9	All	All
Application	Ntp	Ntp	4.3.0	All	All	All
Application	Ntp	Ntp	4.3.1	All	All	All
Application	Ntp	Ntp	4.3.10	All	All	All
Application	Ntp	Ntp	4.3.11	All	All	All
Application	Ntp	Ntp	4.3.12	All	All	All
Application	Ntp	Ntp	4.3.13	All	All	All
Application	Ntp	Ntp	4.3.14	All	All	All
Application	Ntp	Ntp	4.3.15	All	All	All
Application	Ntp	Ntp	4.3.16	All	All	All
Application	Ntp	Ntp	4.3.17	All	All	All
Application	Ntp	Ntp	4.3.18	All	All	All
Application	Ntp	Ntp	4.3.19	All	All	All
Application	Ntp	Ntp	4.3.2	All	All	All
Application	Ntp	Ntp	4.3.20	All	All	All
Application	Ntp	Ntp	4.3.21	All	All	All
Application	Ntp	Ntp	4.3.22	All	All	All
Application	Ntp	Ntp	4.3.23	All	All	All
Application	Ntp	Ntp	4.3.24	All	All	All
Application	Ntp	Ntp	4.3.25	All	All	All
Application	Ntp	Ntp	4.3.26	All	All	All
Application	Ntp	Ntp	4.3.27	All	All	All
Application	Ntp	Ntp	4.3.28	All	All	All
Application	Ntp	Ntp	4.3.29	All	All	All
Application	Ntp	Ntp	4.3.3	All	All	All
Application	Ntp	Ntp	4.3.30	All	All	All
Application	Ntp	Ntp	4.3.31	All	All	All
Application	Ntp	Ntp	4.3.32	All	All	All
Application	Ntp	Ntp	4.3.33	All	All	All
Application	Ntp	Ntp	4.3.34	All	All	All
Application	Ntp	Ntp	4.3.35	All	All	All
Application	Ntp	Ntp	4.3.36	All	All	All
Application	Ntp	Ntp	4.3.37	All	All	All
Application	Ntp	Ntp	4.3.38	All	All	All
Application	Ntp	Ntp	4.3.39	All	All	All
Application	Ntp	Ntp	4.3.4	All	All	All
Application	Ntp	Ntp	4.3.40	All	All	All
Application	Ntp	Ntp	4.3.41	All	All	All
Application	Ntp	Ntp	4.3.42	All	All	All
Application	Ntp	Ntp	4.3.43	All	All	All
Application	Ntp	Ntp	4.3.44	All	All	All
Application	Ntp	Ntp	4.3.45	All	All	All
Application	Ntp	Ntp	4.3.46	All	All	All
Application	Ntp	Ntp	4.3.47	All	All	All
Application	Ntp	Ntp	4.3.48	All	All	All
Application	Ntp	Ntp	4.3.49	All	All	All
Application	Ntp	Ntp	4.3.5	All	All	All
Application	Ntp	Ntp	4.3.50	All	All	All
Application	Ntp	Ntp	4.3.51	All	All	All
Application	Ntp	Ntp	4.3.52	All	All	All
Application	Ntp	Ntp	4.3.53	All	All	All
Application	Ntp	Ntp	4.3.54	All	All	All
Application	Ntp	Ntp	4.3.55	All	All	All
Application	Ntp	Ntp	4.3.56	All	All	All
Application	Ntp	Ntp	4.3.57	All	All	All
Application	Ntp	Ntp	4.3.58	All	All	All
Application	Ntp	Ntp	4.3.59	All	All	All
Application	Ntp	Ntp	4.3.6	All	All	All
Application	Ntp	Ntp	4.3.60	All	All	All
Application	Ntp	Ntp	4.3.61	All	All	All
Application	Ntp	Ntp	4.3.62	All	All	All
Application	Ntp	Ntp	4.3.63	All	All	All
Application	Ntp	Ntp	4.3.64	All	All	All
Application	Ntp	Ntp	4.3.65	All	All	All
Application	Ntp	Ntp	4.3.66	All	All	All
Application	Ntp	Ntp	4.3.67	All	All	All
Application	Ntp	Ntp	4.3.68	All	All	All
Application	Ntp	Ntp	4.3.69	All	All	All
Application	Ntp	Ntp	4.3.7	All	All	All
Application	Ntp	Ntp	4.3.70	All	All	All
Application	Ntp	Ntp	4.3.71	All	All	All
Application	Ntp	Ntp	4.3.72	All	All	All
Application	Ntp	Ntp	4.3.73	All	All	All
Application	Ntp	Ntp	4.3.74	All	All	All
Application	Ntp	Ntp	4.3.75	All	All	All
Application	Ntp	Ntp	4.3.76	All	All	All
Application	Ntp	Ntp	4.3.77	All	All	All
Application	Ntp	Ntp	4.3.78	All	All	All
Application	Ntp	Ntp	4.3.79	All	All	All
Application	Ntp	Ntp	4.3.8	All	All	All
Application	Ntp	Ntp	4.3.80	All	All	All
Application	Ntp	Ntp	4.3.81	All	All	All
Application	Ntp	Ntp	4.3.82	All	All	All
Application	Ntp	Ntp	4.3.83	All	All	All
Application	Ntp	Ntp	4.3.84	All	All	All
Application	Ntp	Ntp	4.3.85	All	All	All
Application	Ntp	Ntp	4.3.86	All	All	All
Application	Ntp	Ntp	4.3.87	All	All	All
Application	Ntp	Ntp	4.3.88	All	All	All
Application	Ntp	Ntp	4.3.89	All	All	All
Application	Ntp	Ntp	4.3.9	All	All	All
Application	Ntp	Ntp	4.3.90	All	All	All
Application	Ntp	Ntp	4.3.91	All	All	All
Application	Ntp	Ntp	4.3.92	All	All	All
Application	Ntp	Ntp	4.3.93	All	All	All
Application	Ntp	Ntp	4.2.8	p9	All	All
Application	Ntp	Ntp	4.3.0	All	All	All
Application	Ntp	Ntp	4.3.1	All	All	All
Application	Ntp	Ntp	4.3.10	All	All	All
Application	Ntp	Ntp	4.3.11	All	All	All
Application	Ntp	Ntp	4.3.12	All	All	All
Application	Ntp	Ntp	4.3.13	All	All	All
Application	Ntp	Ntp	4.3.14	All	All	All
Application	Ntp	Ntp	4.3.15	All	All	All
Application	Ntp	Ntp	4.3.16	All	All	All
Application	Ntp	Ntp	4.3.17	All	All	All
Application	Ntp	Ntp	4.3.18	All	All	All
Application	Ntp	Ntp	4.3.19	All	All	All
Application	Ntp	Ntp	4.3.2	All	All	All
Application	Ntp	Ntp	4.3.20	All	All	All
Application	Ntp	Ntp	4.3.21	All	All	All
Application	Ntp	Ntp	4.3.22	All	All	All
Application	Ntp	Ntp	4.3.23	All	All	All
Application	Ntp	Ntp	4.3.24	All	All	All
Application	Ntp	Ntp	4.3.25	All	All	All
Application	Ntp	Ntp	4.3.26	All	All	All
Application	Ntp	Ntp	4.3.27	All	All	All
Application	Ntp	Ntp	4.3.28	All	All	All
Application	Ntp	Ntp	4.3.29	All	All	All
Application	Ntp	Ntp	4.3.3	All	All	All
Application	Ntp	Ntp	4.3.30	All	All	All
Application	Ntp	Ntp	4.3.31	All	All	All
Application	Ntp	Ntp	4.3.32	All	All	All
Application	Ntp	Ntp	4.3.33	All	All	All
Application	Ntp	Ntp	4.3.34	All	All	All
Application	Ntp	Ntp	4.3.35	All	All	All
Application	Ntp	Ntp	4.3.36	All	All	All
Application	Ntp	Ntp	4.3.37	All	All	All
Application	Ntp	Ntp	4.3.38	All	All	All
Application	Ntp	Ntp	4.3.39	All	All	All
Application	Ntp	Ntp	4.3.4	All	All	All
Application	Ntp	Ntp	4.3.40	All	All	All
Application	Ntp	Ntp	4.3.41	All	All	All
Application	Ntp	Ntp	4.3.42	All	All	All
Application	Ntp	Ntp	4.3.43	All	All	All
Application	Ntp	Ntp	4.3.44	All	All	All
Application	Ntp	Ntp	4.3.45	All	All	All
Application	Ntp	Ntp	4.3.46	All	All	All
Application	Ntp	Ntp	4.3.47	All	All	All
Application	Ntp	Ntp	4.3.48	All	All	All
Application	Ntp	Ntp	4.3.49	All	All	All
Application	Ntp	Ntp	4.3.5	All	All	All
Application	Ntp	Ntp	4.3.50	All	All	All
Application	Ntp	Ntp	4.3.51	All	All	All
Application	Ntp	Ntp	4.3.52	All	All	All
Application	Ntp	Ntp	4.3.53	All	All	All
Application	Ntp	Ntp	4.3.54	All	All	All
Application	Ntp	Ntp	4.3.55	All	All	All
Application	Ntp	Ntp	4.3.56	All	All	All
Application	Ntp	Ntp	4.3.57	All	All	All
Application	Ntp	Ntp	4.3.58	All	All	All
Application	Ntp	Ntp	4.3.59	All	All	All
Application	Ntp	Ntp	4.3.6	All	All	All
Application	Ntp	Ntp	4.3.60	All	All	All
Application	Ntp	Ntp	4.3.61	All	All	All
Application	Ntp	Ntp	4.3.62	All	All	All
Application	Ntp	Ntp	4.3.63	All	All	All
Application	Ntp	Ntp	4.3.64	All	All	All
Application	Ntp	Ntp	4.3.65	All	All	All
Application	Ntp	Ntp	4.3.66	All	All	All
Application	Ntp	Ntp	4.3.67	All	All	All
Application	Ntp	Ntp	4.3.68	All	All	All
Application	Ntp	Ntp	4.3.69	All	All	All
Application	Ntp	Ntp	4.3.7	All	All	All
Application	Ntp	Ntp	4.3.70	All	All	All
Application	Ntp	Ntp	4.3.71	All	All	All
Application	Ntp	Ntp	4.3.72	All	All	All
Application	Ntp	Ntp	4.3.73	All	All	All
Application	Ntp	Ntp	4.3.74	All	All	All
Application	Ntp	Ntp	4.3.75	All	All	All
Application	Ntp	Ntp	4.3.76	All	All	All
Application	Ntp	Ntp	4.3.77	All	All	All
Application	Ntp	Ntp	4.3.78	All	All	All
Application	Ntp	Ntp	4.3.79	All	All	All
Application	Ntp	Ntp	4.3.8	All	All	All
Application	Ntp	Ntp	4.3.80	All	All	All
Application	Ntp	Ntp	4.3.81	All	All	All
Application	Ntp	Ntp	4.3.82	All	All	All
Application	Ntp	Ntp	4.3.83	All	All	All
Application	Ntp	Ntp	4.3.84	All	All	All
Application	Ntp	Ntp	4.3.85	All	All	All
Application	Ntp	Ntp	4.3.86	All	All	All
Application	Ntp	Ntp	4.3.87	All	All	All
Application	Ntp	Ntp	4.3.88	All	All	All
Application	Ntp	Ntp	4.3.89	All	All	All
Application	Ntp	Ntp	4.3.9	All	All	All
Application	Ntp	Ntp	4.3.90	All	All	All
Application	Ntp	Ntp	4.3.91	All	All	All
Application	Ntp	Ntp	4.3.92	All	All	All
Application	Ntp	Ntp	4.3.93	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	REDHAT	access.redhat.com
support.ntp.org/bin/view/Main/SecurityNotice	CONFIRM	support.ntp.org	Vendor Advisory
About the security content of macOS High Sierra 10.13 - Apple Support	CONFIRM	support.apple.com
Document Display \| HPE Support Center	CONFIRM	support.hpe.com
support.ntp.org/bin/view/Main/NtpBug3387	CONFIRM	support.ntp.org	Vendor Advisory
USN-3707-2: NTP vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
FreeBSD-SA-17:03	FREEBSD	security.FreeBSD.org
Red Hat Customer Portal	REDHAT	access.redhat.com
NTP CVE-2017-6463 Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
ntp Multiple Bugs Let Remote or Local Users Cause the Target Service to Crash - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378174 Virtuozzo Linux Security Update for ntp-doc (VZLSA-2017:3071)
44030 Juniper Network Operating System (Junos OS) Multiple NTP Vulnerabilities (JSA11171)