Candidate: CVE-2017-6451
PublicDate: 2017-03-27 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451
Description:
 The mx4200_send function in the legacy MX4200 refclock in NTP before
 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value
 of the snprintf function, which allows local users to execute arbitrary
 code via unspecified vectors, which trigger an out-of-bounds memory write.
Ubuntu-Description:
Notes:
Bugs:
 http://support.ntp.org/bin/view/Main/NtpBug3378
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_ntp:
upstream_ntp: needs-triage
precise_ntp: not-affected (code not compiled)
trusty_ntp: not-affected (code not compiled)
trusty/esm_ntp: not-affected (code not compiled)
vivid/stable-phone-overlay_ntp: not-affected (code not compiled)
vivid/ubuntu-core_ntp: DNE
xenial_ntp: not-affected (code not compiled)
esm-infra/xenial_ntp: not-affected (code not compiled)
yakkety_ntp: not-affected (code not compiled)
devel_ntp: not-affected (code not compiled)