CVE-2017-6455
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
27/03/2017
Last modified:
20/04/2025
Description
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH
Base Score 2.0
4.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:* | ||
cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://support.ntp.org/bin/view/Main/NtpBug3384
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
- http://www.securityfocus.com/bid/97074
- http://www.securitytracker.com/id/1038123
- http://www.securitytracker.com/id/1039427
- https://support.apple.com/HT208144
- http://support.ntp.org/bin/view/Main/NtpBug3384
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
- http://www.securityfocus.com/bid/97074
- http://www.securitytracker.com/id/1038123
- http://www.securitytracker.com/id/1039427
- https://support.apple.com/HT208144