ArchLinux: 201810-2: ntp: arbitrary code execution
Summary
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter.
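The flaw class described above is a host argument copied into a fixed-size stack buffer without a length check. The following is an added illustration, not code from NTP or from this advisory: a bounded copy that rejects an over-long IPv4/IPv6 argument instead of truncating it or writing past the buffer. The function name, the buffer size and the handling of bracketed IPv6 literals are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define HOSTBUF_LEN 257  /* assumed size, not taken from the NTP source */

/* Accepts "host" or "[v6-literal]", strips the brackets, and refuses any
 * input that does not fit in dst including the terminating NUL.
 * Returns 0 on success, -1 on rejection (dst is left as an empty string). */
static int copy_host_checked(char *dst, size_t dstlen, const char *arg)
{
    const char *start = arg;
    size_t len;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (arg == NULL)
        return -1;

    len = strlen(arg);
    if (arg[0] == '[') {
        /* Bracketed literal: the closing ']' must be the last character. */
        if (len < 3 || arg[len - 1] != ']')
            return -1;
        start = arg + 1;
        len -= 2;
    }
    if (len == 0 || len >= dstlen)
        return -1;              /* empty or too long: reject, never truncate */

    memcpy(dst, start, len);    /* len < dstlen, so the NUL below fits */
    dst[len] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char host[HOSTBUF_LEN];
    const char *arg = argc > 1 ? argv[1] : "[::1]";  /* constructed sample */

    if (copy_host_checked(host, sizeof host, arg) != 0) {
        fprintf(stderr, "host argument rejected\n");
        return 1;
    }
    printf("host: %s\n", host);
    return 0;
}
```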
Resolution
Upgrade to 4.2.8.p12-1.
# pacman -Syu "ntp>=4.2.8.p12-1"
The problem has been fixed upstream in version 4.2.8.p12.
References
https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
https://security.archlinux.org/CVE-2018-12327
Workaround
None.