vulnerability
NTP: Improper Control of Generation of Code ('Code Injection') (CVE-2017-6455)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:S/C:C/I:C/A:C) | Mar 27, 2017 | Feb 23, 2023 | Jan 28, 2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
Mar 27, 2017
Added
Feb 23, 2023
Modified
Jan 28, 2025
Description
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
Solution
ntp-upgrade-latest
References
- BID-97074
- CVE-2017-6455
- https://attackerkb.com/topics/CVE-2017-6455
- URL-http://support.ntp.org/bin/view/Main/NtpBug3384
- URL-http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
- URL-http://www.securityfocus.com/bid/97074
- URL-http://www.securitytracker.com/id/1038123
- URL-http://www.securitytracker.com/id/1039427
- URL-https://support.apple.com/HT208144
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.