cvelistv5 - CVE-2023-26552

URL	Tags
cve@mitre.org	https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552	Third Party Advisory
cve@mitre.org	https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321	Third Party Advisory

▼	Vendor	Product
	n/a	n/a

gsd-2023-26552

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Aliases

CVE-2023-26552

Aliases

CVE-2023-26552

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-26552",
    "id": "GSD-2023-26552"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-26552"
      ],
      "details": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
      "id": "GSD-2023-26552",
      "modified": "2023-12-13T01:20:53.794665Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-26552",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552",
            "refsource": "MISC",
            "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552"
          },
          {
            "name": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321",
            "refsource": "MISC",
            "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2023-26552"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552"
            },
            {
              "name": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2023-04-20T14:37Z",
      "publishedDate": "2023-04-11T21:15Z"
    }
  }
}

wid-sec-w-2023-0938

Vulnerability from csaf_certbund

Published

2023-04-11 22:00

Modified

2024-05-01 22:00

Summary

ntp: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Bei ntp handelt es sich um eine Sammlung von Dienstprogrammen und einem Daemon zur Verwendung des Network Time Protocols auf UNIX-basierten Systemen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ntp ausnutzen, um nicht näher definierte Auswirkungen zu erreichen. Die Ausnutzung erfordert eine bestimmte Konfiguration und ggf. das Mitwirken eines Administrators, beispielsweise durch Social Engineering.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bei ntp handelt es sich um eine Sammlung von Dienstprogrammen und einem Daemon zur Verwendung des Network Time Protocols auf UNIX-basierten Systemen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ntp ausnutzen, um nicht n\u00e4her definierte Auswirkungen zu erreichen. Die Ausnutzung erfordert eine bestimmte Konfiguration und ggf. das Mitwirken eines Administrators, beispielsweise durch Social Engineering.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0938 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0938.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0938 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2396 vom 2024-01-10",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2396.html"
      },
      {
        "category": "external",
        "summary": "GitHub Repository ntp-4.2.8p15-cves vom 2023-04-11",
        "url": "https://github.com/spwpun/ntp-4.2.8p15-cves"
      },
      {
        "category": "external",
        "summary": "Meinberg Statement vom 2023-04-13",
        "url": "https://www.meinberg.de/german/news/stellungnahme-zu-den-am-12-04-2023-gemeldeten-schwachstellen-im-ntp-projekt.htm"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2142-1 vom 2023-05-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-May/014820.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2171-1 vom 2023-05-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-May/014847.html"
      },
      {
        "category": "external",
        "summary": "Meinberg Security Advisory MBGSA-2023.03 vom 2023-05-23",
        "url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-C0762A0E57 vom 2023-06-05",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c0762a0e57"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-611A143D5F vom 2023-06-05",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-611a143d5f"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2608-1 vom 2023-06-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015269.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2609-1 vom 2023-06-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015268.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7047270 vom 2023-10-05",
        "url": "https://www.ibm.com/support/pages/node/7047270"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-317 vom 2023-11-13",
        "url": "https://www.dell.com/support/kbdoc/de-de/000219148/dsa-2023-317-security-update-for-dell-networker-vproxy-multiple-linux-packages-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2024-2396 vom 2024-04-30",
        "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23228"
      },
      {
        "category": "external",
        "summary": "Broadcom Security Advisory vom 2024-04-30",
        "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23299"
      }
    ],
    "source_lang": "en-US",
    "title": "ntp: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-01T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:48:36.156+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0938",
      "initial_release_date": "2023-04-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-04-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Beschreibung und Bewertung angepasst"
        },
        {
          "date": "2023-04-13T22:00:00.000+00:00",
          "number": "3",
          "summary": "Informationen von Meinberg aufgenommen"
        },
        {
          "date": "2023-05-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-05-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-05-22T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Meinberg aufgenommen"
        },
        {
          "date": "2023-06-04T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-06-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-10-05T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-11-12T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-03-03T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2024-05-01T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von BROCADE aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Broadcom Brocade SANnav",
            "product": {
              "name": "Broadcom Brocade SANnav",
              "product_id": "T022212",
              "product_identification_helper": {
                "cpe": "cpe:/a:broadcom:brocade_sannav:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Broadcom Fabric OS",
                "product": {
                  "name": "Broadcom Fabric OS",
                  "product_id": "978054",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:broadcom:fabric_operating_system:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.1d",
                "product": {
                  "name": "Broadcom Fabric OS \u003c9.1.1d",
                  "product_id": "T034128"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.0b",
                "product": {
                  "name": "Broadcom Fabric OS \u003c9.2.0b",
                  "product_id": "T034260"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.3e",
                "product": {
                  "name": "Broadcom Fabric OS \u003c8.2.3e",
                  "product_id": "T034262"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Broadcom Fabric OS \u003c9.2.1",
                  "product_id": "T034487"
                }
              }
            ],
            "category": "product_name",
            "name": "Fabric OS"
          }
        ],
        "category": "vendor",
        "name": "Broadcom"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cvproxy 19.9.0.2",
                "product": {
                  "name": "Dell NetWorker \u003cvproxy 19.9.0.2",
                  "product_id": "T030173"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cvproxy 19.8.0.3",
                "product": {
                  "name": "Dell NetWorker \u003cvproxy 19.8.0.3",
                  "product_id": "T030174"
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM AIX 7.2",
                  "product_id": "434967",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "IBM AIX 7.3",
                  "product_id": "T029653",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.1",
                "product": {
                  "name": "IBM VIOS 3.1",
                  "product_id": "1039165",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VIOS"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV7.06.014",
                "product": {
                  "name": "Meinberg LANTIME \u003cV7.06.014",
                  "product_id": "T027837"
                }
              }
            ],
            "category": "product_name",
            "name": "LANTIME"
          }
        ],
        "category": "vendor",
        "name": "Meinberg"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.2.8p15",
                "product": {
                  "name": "Open Source ntp 4.2.8p15",
                  "product_id": "T016798",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ntp:ntp:4.2.8p15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ntp"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v7",
                "product": {
                  "name": "Xerox FreeFlow Print Server v7",
                  "product_id": "T015631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "v9",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9",
                  "product_id": "T015632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26551",
      "notes": [
        {
          "category": "description",
          "text": "In ntp existieren mehrere Schwachstellen aufgrund von \"out of bounds\" Speicherzugriffen. Betroffen sind die Komponenten in \"libntp/mstolfp.c\" aus \"libntp\" und \"praecis_parse\" in \"ntpd/refclock_palisade.c\". Nach neueren Recherchen ist ein Remote-Angriff auf einen laufenden ntpd unwahrscheinlich, da die Funktion mstolfp(), die die ersten vier CVE\u2019s (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554) betrifft, zwar in libntp/mstolfp.c definiert, aber von ntpd selbst nicht aufgerufen wird. Verwendet wird die Funktion lediglich im Hilfsprogramm ntpq, welches der Administrator aufrufen kann, um Status-Informationen von ntpd abzurufen und anzuzeigen. Folglich erfordert der Angriff eine lokale Interaktion eines Administrators und die Nutzung eines vom Angreifer kontrollierten NTP Servers. Die letzte CVE (CVE-2023-26555) bezieht sich auf einen Treiber f\u00fcr bestimmte GPS Empf\u00e4nger, die h\u00f6chstwahrscheinlich nur noch vereinzelt in Gebrauch sind. Eine Ausnutzung ist auch hier sehr unwahrscheinlich. Unsere Bewertung dieser Schwachstellen haben wir deshalb deutlich verringert."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034128",
          "434967",
          "1039165",
          "T015632",
          "T016798",
          "T034262",
          "T015631",
          "T030174",
          "T030173",
          "T034487",
          "74185",
          "978054",
          "T002207",
          "T034260",
          "T027837",
          "398363",
          "T022212",
          "T029653"
        ]
      },
      "release_date": "2023-04-11T22:00:00.000+00:00",
      "title": "CVE-2023-26551"
    },
    {
      "cve": "CVE-2023-26552",
      "notes": [
        {
          "category": "description",
          "text": "In ntp existieren mehrere Schwachstellen aufgrund von \"out of bounds\" Speicherzugriffen. Betroffen sind die Komponenten in \"libntp/mstolfp.c\" aus \"libntp\" und \"praecis_parse\" in \"ntpd/refclock_palisade.c\". Nach neueren Recherchen ist ein Remote-Angriff auf einen laufenden ntpd unwahrscheinlich, da die Funktion mstolfp(), die die ersten vier CVE\u2019s (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554) betrifft, zwar in libntp/mstolfp.c definiert, aber von ntpd selbst nicht aufgerufen wird. Verwendet wird die Funktion lediglich im Hilfsprogramm ntpq, welches der Administrator aufrufen kann, um Status-Informationen von ntpd abzurufen und anzuzeigen. Folglich erfordert der Angriff eine lokale Interaktion eines Administrators und die Nutzung eines vom Angreifer kontrollierten NTP Servers. Die letzte CVE (CVE-2023-26555) bezieht sich auf einen Treiber f\u00fcr bestimmte GPS Empf\u00e4nger, die h\u00f6chstwahrscheinlich nur noch vereinzelt in Gebrauch sind. Eine Ausnutzung ist auch hier sehr unwahrscheinlich. Unsere Bewertung dieser Schwachstellen haben wir deshalb deutlich verringert."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034128",
          "434967",
          "1039165",
          "T015632",
          "T016798",
          "T034262",
          "T015631",
          "T030174",
          "T030173",
          "T034487",
          "74185",
          "978054",
          "T002207",
          "T034260",
          "T027837",
          "398363",
          "T022212",
          "T029653"
        ]
      },
      "release_date": "2023-04-11T22:00:00.000+00:00",
      "title": "CVE-2023-26552"
    },
    {
      "cve": "CVE-2023-26553",
      "notes": [
        {
          "category": "description",
          "text": "In ntp existieren mehrere Schwachstellen aufgrund von \"out of bounds\" Speicherzugriffen. Betroffen sind die Komponenten in \"libntp/mstolfp.c\" aus \"libntp\" und \"praecis_parse\" in \"ntpd/refclock_palisade.c\". Nach neueren Recherchen ist ein Remote-Angriff auf einen laufenden ntpd unwahrscheinlich, da die Funktion mstolfp(), die die ersten vier CVE\u2019s (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554) betrifft, zwar in libntp/mstolfp.c definiert, aber von ntpd selbst nicht aufgerufen wird. Verwendet wird die Funktion lediglich im Hilfsprogramm ntpq, welches der Administrator aufrufen kann, um Status-Informationen von ntpd abzurufen und anzuzeigen. Folglich erfordert der Angriff eine lokale Interaktion eines Administrators und die Nutzung eines vom Angreifer kontrollierten NTP Servers. Die letzte CVE (CVE-2023-26555) bezieht sich auf einen Treiber f\u00fcr bestimmte GPS Empf\u00e4nger, die h\u00f6chstwahrscheinlich nur noch vereinzelt in Gebrauch sind. Eine Ausnutzung ist auch hier sehr unwahrscheinlich. Unsere Bewertung dieser Schwachstellen haben wir deshalb deutlich verringert."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034128",
          "434967",
          "1039165",
          "T015632",
          "T016798",
          "T034262",
          "T015631",
          "T030174",
          "T030173",
          "T034487",
          "74185",
          "978054",
          "T002207",
          "T034260",
          "T027837",
          "398363",
          "T022212",
          "T029653"
        ]
      },
      "release_date": "2023-04-11T22:00:00.000+00:00",
      "title": "CVE-2023-26553"
    },
    {
      "cve": "CVE-2023-26554",
      "notes": [
        {
          "category": "description",
          "text": "In ntp existieren mehrere Schwachstellen aufgrund von \"out of bounds\" Speicherzugriffen. Betroffen sind die Komponenten in \"libntp/mstolfp.c\" aus \"libntp\" und \"praecis_parse\" in \"ntpd/refclock_palisade.c\". Nach neueren Recherchen ist ein Remote-Angriff auf einen laufenden ntpd unwahrscheinlich, da die Funktion mstolfp(), die die ersten vier CVE\u2019s (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554) betrifft, zwar in libntp/mstolfp.c definiert, aber von ntpd selbst nicht aufgerufen wird. Verwendet wird die Funktion lediglich im Hilfsprogramm ntpq, welches der Administrator aufrufen kann, um Status-Informationen von ntpd abzurufen und anzuzeigen. Folglich erfordert der Angriff eine lokale Interaktion eines Administrators und die Nutzung eines vom Angreifer kontrollierten NTP Servers. Die letzte CVE (CVE-2023-26555) bezieht sich auf einen Treiber f\u00fcr bestimmte GPS Empf\u00e4nger, die h\u00f6chstwahrscheinlich nur noch vereinzelt in Gebrauch sind. Eine Ausnutzung ist auch hier sehr unwahrscheinlich. Unsere Bewertung dieser Schwachstellen haben wir deshalb deutlich verringert."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034128",
          "434967",
          "1039165",
          "T015632",
          "T016798",
          "T034262",
          "T015631",
          "T030174",
          "T030173",
          "T034487",
          "74185",
          "978054",
          "T002207",
          "T034260",
          "T027837",
          "398363",
          "T022212",
          "T029653"
        ]
      },
      "release_date": "2023-04-11T22:00:00.000+00:00",
      "title": "CVE-2023-26554"
    },
    {
      "cve": "CVE-2023-26555",
      "notes": [
        {
          "category": "description",
          "text": "In ntp existieren mehrere Schwachstellen aufgrund von \"out of bounds\" Speicherzugriffen. Betroffen sind die Komponenten in \"libntp/mstolfp.c\" aus \"libntp\" und \"praecis_parse\" in \"ntpd/refclock_palisade.c\". Nach neueren Recherchen ist ein Remote-Angriff auf einen laufenden ntpd unwahrscheinlich, da die Funktion mstolfp(), die die ersten vier CVE\u2019s (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554) betrifft, zwar in libntp/mstolfp.c definiert, aber von ntpd selbst nicht aufgerufen wird. Verwendet wird die Funktion lediglich im Hilfsprogramm ntpq, welches der Administrator aufrufen kann, um Status-Informationen von ntpd abzurufen und anzuzeigen. Folglich erfordert der Angriff eine lokale Interaktion eines Administrators und die Nutzung eines vom Angreifer kontrollierten NTP Servers. Die letzte CVE (CVE-2023-26555) bezieht sich auf einen Treiber f\u00fcr bestimmte GPS Empf\u00e4nger, die h\u00f6chstwahrscheinlich nur noch vereinzelt in Gebrauch sind. Eine Ausnutzung ist auch hier sehr unwahrscheinlich. Unsere Bewertung dieser Schwachstellen haben wir deshalb deutlich verringert."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034128",
          "434967",
          "1039165",
          "T015632",
          "T016798",
          "T034262",
          "T015631",
          "T030174",
          "T030173",
          "T034487",
          "74185",
          "978054",
          "T002207",
          "T034260",
          "T027837",
          "398363",
          "T022212",
          "T029653"
        ]
      },
      "release_date": "2023-04-11T22:00:00.000+00:00",
      "title": "CVE-2023-26555"
    }
  ]
}

ssa-238730

Vulnerability from csaf_siemens

Published

2024-06-11 00:00

Modified

2024-06-11 00:00

Summary

SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4

Notes

Summary

Multiple out-of-bounds vulnerabilities in third-party components are affecting SITOP UPS1600 before V2.5.4. Attackers could exploit these vulnerabilities and cause limited impact in the affected systems. Siemens has released new versions for the affected products and recommends to update to the latest versions.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple out-of-bounds vulnerabilities in third-party components are affecting SITOP UPS1600 before V2.5.4. Attackers could exploit these vulnerabilities and cause limited impact in the affected systems.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-238730.html"
      },
      {
        "category": "self",
        "summary": "SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-238730.json"
      },
      {
        "category": "self",
        "summary": "SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4 - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-238730.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-238730.txt"
      }
    ],
    "title": "SSA-238730: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4",
    "tracking": {
      "current_release_date": "2024-06-11T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-238730",
      "initial_release_date": "2024-06-11T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-11T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "interim",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.5.4",
                "product": {
                  "name": "SITOP UPS1600 10 A Ethernet/ PROFINET (6EP4134-3AB00-2AY0)",
                  "product_id": "1",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6EP4134-3AB00-2AY0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SITOP UPS1600 10 A Ethernet/ PROFINET (6EP4134-3AB00-2AY0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.5.4",
                "product": {
                  "name": "SITOP UPS1600 20 A Ethernet/ PROFINET (6EP4136-3AB00-2AY0)",
                  "product_id": "2",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6EP4136-3AB00-2AY0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SITOP UPS1600 20 A Ethernet/ PROFINET (6EP4136-3AB00-2AY0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.5.4",
                "product": {
                  "name": "SITOP UPS1600 40 A Ethernet/ PROFINET (6EP4137-3AB00-2AY0)",
                  "product_id": "3",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6EP4137-3AB00-2AY0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SITOP UPS1600 40 A Ethernet/ PROFINET (6EP4137-3AB00-2AY0)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV2.5.4",
                "product": {
                  "name": "SITOP UPS1600 EX 20 A Ethernet PROFINET (6EP4136-3AC00-2AY0)",
                  "product_id": "4",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6EP4136-3AC00-2AY0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SITOP UPS1600 EX 20 A Ethernet PROFINET (6EP4136-3AC00-2AY0)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26552",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.5.4 or later version",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/79207181/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4"
          ]
        }
      ],
      "title": "CVE-2023-26552"
    },
    {
      "cve": "CVE-2023-26553",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.5.4 or later version",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/79207181/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4"
          ]
        }
      ],
      "title": "CVE-2023-26553"
    },
    {
      "cve": "CVE-2023-26554",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a \u0027\\0\u0027 character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.5.4 or later version",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/79207181/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4"
          ]
        }
      ],
      "title": "CVE-2023-26554"
    }
  ]
}

ghsa-55jm-6fgm-6r95

Vulnerability from github

Published

2023-04-11 21:31

Modified

2024-04-04 03:24

Severity ?

5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-26552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point.",
  "id": "GHSA-55jm-6fgm-6r95",
  "modified": "2024-04-04T03:24:49Z",
  "published": "2023-04-11T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26552"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

CVE-2023-26552

Vulnerability from cvelistv5

gsd-2023-26552

Vulnerability from gsd

wid-sec-w-2023-0938

Vulnerability from csaf_certbund

ssa-238730

Vulnerability from csaf_siemens

ghsa-55jm-6fgm-6r95

Vulnerability from github

Tags