CVE-2018-7185

EUVD-2018-18927
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
ntpntp
4.2.6 ≤
𝑥
< 4.2.8
ntpntp
4.2.8
ntpntp
4.2.8:p1
ntpntp
4.2.8:p1-beta1
ntpntp
4.2.8:p1-beta2
ntpntp
4.2.8:p1-beta3
ntpntp
4.2.8:p1-beta4
ntpntp
4.2.8:p1-beta5
ntpntp
4.2.8:p1-rc1
ntpntp
4.2.8:p1-rc2
ntpntp
4.2.8:p10
ntpntp
4.2.8:p2
ntpntp
4.2.8:p2-rc1
ntpntp
4.2.8:p2-rc2
ntpntp
4.2.8:p2-rc3
ntpntp
4.2.8:p3
ntpntp
4.2.8:p3-rc1
ntpntp
4.2.8:p3-rc2
ntpntp
4.2.8:p3-rc3
ntpntp
4.2.8:p4
ntpntp
4.2.8:p5
ntpntp
4.2.8:p6
ntpntp
4.2.8:p7
ntpntp
4.2.8:p8
ntpntp
4.2.8:p9
synologyrouter_manager
1.1 ≤
𝑥
< 1.1.6-6931-3
synologyskynas
𝑥
< 6.1.5-15254
synologyvirtual_diskstation_manager
𝑥
< 6.1.6-15266
synologydiskstation_manager
5.2 ≤
𝑥
< 6.1.6-15266
synologyvs960hd_firmware
𝑥
< 2.2.3-1505
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
netapphci
-
netappsolidfire
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
jessie
no-dsa
stretch
no-dsa
wheezy
ignored
ntpsec
bookworm
1.2.2+dfsg1-1+deb12u1
fixed
bookworm (security)
1.2.2+dfsg1-1+deb12u1
fixed
bullseye
1.2.0+dfsg1-4
fixed
jessie
no-dsa
sid
1.2.3+dfsg1-3
fixed
stretch
no-dsa
trixie
1.2.3+dfsg1-3
fixed
wheezy
ignored
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
artful
Fixed 1:4.2.8p10+dfsg-5ubuntu3.3
released
bionic
Fixed 1:4.2.8p10+dfsg-5ubuntu7.1
released
cosmic
Fixed 1:4.2.8p11+dfsg-1ubuntu1
released
trusty
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
released
xenial
Fixed 1:4.2.8p4+dfsg-3ubuntu5.9
released
References
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3454
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103339
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://usn.ubuntu.com/3707-2/
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.synology.com/support/security/Synology_SA_18_13
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3454
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103339
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://usn.ubuntu.com/3707-2/
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.synology.com/support/security/Synology_SA_18_13