CVE-2018-7184

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
ntpntp
4.2.8:p10
ntpntp
4.2.8:p4
ntpntp
4.2.8:p5
ntpntp
4.2.8:p6
ntpntp
4.2.8:p7
ntpntp
4.2.8:p8
ntpntp
4.2.8:p9
synologyrouter_manager
1.1
synologyskynas
-
synologyvirtual_diskstation_manager
-
synologydiskstation_manager
5.2
synologydiskstation_manager
6.0
synologydiskstation_manager
6.1
synologyvs960hd_firmware
-
slackwareslackware_linux
14.0
slackwareslackware_linux
14.1
slackwareslackware_linux
14.2
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
netappcloud_backup
-
netappsteelstore_cloud_integrated_storage
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
stretch
no-dsa
jessie
no-dsa
wheezy
ignored
ntpsec
bullseye
1.2.0+dfsg1-4
fixed
stretch
no-dsa
jessie
no-dsa
wheezy
ignored
bookworm
1.2.2+dfsg1-1+deb12u1
fixed
bookworm (security)
1.2.2+dfsg1-1+deb12u1
fixed
sid
1.2.3+dfsg1-3
fixed
trixie
1.2.3+dfsg1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
bionic
Fixed 1:4.2.8p10+dfsg-5ubuntu7.1
released
artful
Fixed 1:4.2.8p10+dfsg-5ubuntu3.3
released
xenial
not-affected
trusty
not-affected
References
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3453
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103192
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://www.synology.com/support/security/Synology_SA_18_13
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3453
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103192
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://www.synology.com/support/security/Synology_SA_18_13