Upstream information

CVE-2017-6463 at MITRE

Description

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.00
Vector AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
CVSS v3 Scores
  National Vulnerability Database
Base Score 6.5
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Vector Network
Access Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
SUSE Bugzilla entry: 1030050 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP1
  • ntp >= 4.2.8p10-60.1
  • ntp-doc >= 4.2.8p10-60.1
Patchnames:
SUSE-SLE-DESKTOP-12-SP1-2017-611
SUSE Linux Enterprise Desktop 12 SP2
  • ntp >= 4.2.8p10-60.1
  • ntp-doc >= 4.2.8p10-60.1
Patchnames:
SUSE-SLE-DESKTOP-12-SP2-2017-611
SUSE Linux Enterprise Server 11 SP4
  • ntp >= 4.2.8p10-63.1
  • ntp-doc >= 4.2.8p10-63.1
Patchnames:
slessp4-ntp-13066
SUSE Linux Enterprise Server 12 SP1
  • ntp >= 4.2.8p10-60.1
  • ntp-doc >= 4.2.8p10-60.1
Patchnames:
SUSE-SLE-SERVER-12-SP1-2017-611
SUSE Linux Enterprise Server 12 SP2
  • ntp >= 4.2.8p10-60.1
  • ntp-doc >= 4.2.8p10-60.1
Patchnames:
SUSE-SLE-SERVER-12-SP2-2017-611
SUSE Linux Enterprise Server 12-LTSS
  • ntp >= 4.2.8p10-46.23.1
  • ntp-doc >= 4.2.8p10-46.23.1
Patchnames:
SUSE-SLE-SERVER-12-2017-612
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • ntp >= 4.2.8p10-60.1
  • ntp-doc >= 4.2.8p10-60.1
Patchnames:
SUSE-SLE-RPI-12-SP2-2017-611
SUSE Linux Enterprise for SAP 12
  • ntp >= 4.2.8p10-46.23.1
  • ntp-doc >= 4.2.8p10-46.23.1
Patchnames:
SUSE-SLE-SAP-12-2017-612
openSUSE Leap 42.1
  • ntp >= 4.2.8p10-31.1
  • ntp-debuginfo >= 4.2.8p10-31.1
  • ntp-debugsource >= 4.2.8p10-31.1
  • ntp-doc >= 4.2.8p10-31.1
Patchnames:
openSUSE-2017-511
openSUSE Leap 42.2
  • ntp >= 4.2.8p10-29.3.2
  • ntp-debuginfo >= 4.2.8p10-29.3.2
  • ntp-debugsource >= 4.2.8p10-29.3.2
  • ntp-doc >= 4.2.8p10-29.3.2
Patchnames:
openSUSE-2017-511