CVE-2018-7182
published 2018-03-06
CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6…
Priority P355 · high · 7.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 29.85% (98.0th percentile)
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | ntp | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| debian | ntpsec | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | >= 0 < 1:4.2.8p11+dfsg-1 | 1:4.2.8p11+dfsg-1 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 |
| ntp | ntp | >= 0 < 1:4.2.8p4+dfsg-3ubuntu5.9 | 1:4.2.8p4+dfsg-3ubuntu5.9 |
| ntp | ntp | >= 0 < 1:4.2.8p10+dfsg-5ubuntu7.1 | 1:4.2.8p10+dfsg-5ubuntu7.1 |
| ntp | ntp | >= 0 < 1:4.2.8p10+dfsg-5ubuntu7.3 | 1:4.2.8p10+dfsg-5ubuntu7.3 |
| ntp | ntp | >= 0 < 1:4.2.8p12+dfsg-3ubuntu4.20.04.1 | 1:4.2.8p12+dfsg-3ubuntu4.20.04.1 |
| ntpsec | ntpsec | >= 0 < 1.0.0+dfsg1-5 | 1.0.0+dfsg1-5 |
| ntpsec | ntpsec | >= 0 < 1.0.0+dfsg1-5 | 1.0.0+dfsg1-5 |
| ntpsec | ntpsec | >= 0 < 1.0.0+dfsg1-5 | 1.0.0+dfsg1-5 |
| ntpsec | ntpsec | >= 0 < 1.0.0+dfsg1-5 | 1.0.0+dfsg1-5 |
CVSS provenance
nvd · v3.0 · 7.5 · HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
vendor_redhat · 7.5 · HIGH
vendor_ubuntu · 7.5 · HIGH
GHSA
GHSA-wjhm-mrg7-qc53: The ctl_getitem method in ntpd in ntp-4
ghsa_unreviewed·2022-05-13
CVE-2018-7182 [HIGH] CWE-125 GHSA-wjhm-mrg7-qc53: The ctl_getitem method in ntpd in ntp-4
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
OSV
ntp vulnerability
osv·2021-04-20·CVSS 7.5
CVE-2018-7182 [HIGH] ntp vulnerability
USN-4563-1 fixed a vulnerability in NTP. This update provides the
corresponding update for Ubuntu 20.04 LTS and Ubuntu 20.10.
Original advisory details:
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer
dereference into NTP. An attacker could use this vulnerability to cause a
denial of service (crash).
OSV
ntp vulnerability
osv·2020-10-01·CVSS 7.5
CVE-2018-7182 [HIGH] ntp vulnerability
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer
dereference into NTP. An attacker could use this vulnerability to cause a
denial of service (crash).
OSV
ntp vulnerabilities
osv·2018-07-09·CVSS 7.5
CVE-2018-7182 [HIGH] ntp vulnerabilities
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6
packets. A remote attacker could possibly use this issue to cause ntpd to
crash, resulting in a denial of service. This issue only affected Ubuntu
17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu
18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote at
OSV
CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4
osv·2018-03-06·CVSS 7.5
CVE-2018-7182 [HIGH] CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Ubuntu
NTP vulnerability
vendor_ubuntu·2021-04-20·CVSS 7.5
CVE-2019-8936 [HIGH] NTP vulnerability
Title: NTP vulnerability
Summary: NTP could be made to crash.
USN-4563-1 fixed a vulnerability in NTP. This update provides the
corresponding update for Ubuntu 20.04 LTS and Ubuntu 20.10.
Original advisory details:
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer
dereference into NTP. An attacker could use this vulnerability to cause a
denial of service (crash).
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
NTP vulnerability
vendor_ubuntu·2020-10-01·CVSS 7.5
CVE-2019-8936 [HIGH] NTP vulnerability
Title: NTP vulnerability
Summary: NTP could be made to crash.
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer
dereference into NTP. An attacker could use this vulnerability to cause a
denial of service (crash).
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2018-07-09·CVSS 7.5
CVE-2018-7182 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6
packets. A remote attacker could possibly use this issue to cause ntpd to
crash, resulting in a denial of service. This issue only affected Ubuntu
17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu
18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP inc
BSD
FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
bsd_advisories·2018-03-07·CVSS 5.3
CVE-2017-7183 [MEDIUM] FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
FreeBSD-SA-18:02.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2018-03-07
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2018-02-28 09:01:03 UTC (stable/11, 11.1-STABLE)
2018-03-07 05:58:24 UTC (releng/11.1, 11.1-RELEASE-p7)
2018-03-01 04:06:49 UTC (stable/10, 10.4-STABLE)
2018-03-07 05:58:24 UTC (releng/10.4, 10.4-RELEASE-p6)
2018-03-07 05:58:24 UTC (releng/10.3, 10.3-RELEASE-p27)
CVE Name: CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185,
CVE-2018-7183
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The ntpd(8) daemon is an i
Red Hat
ntp: buffer read overrun leads information leak in ctl_getitem()
vendor_redhat·2018-02-27·CVSS 7.5
CVE-2018-7182 [HIGH] CWE-119 ntp: buffer read overrun leads information leak in ctl_getitem()
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Package: ntp (Red Hat Enterprise Linux 5) - Not affected
Package: ntp (Red Hat Enterprise Linux 6) - Not affected
Package: ntp (Red Hat Enterprise Linux 7) - Not affected
Package: ntp (Red Hat Enterprise Linux 8) - Will not fix
Debian
CVE-2018-7182: ntp - The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote atta...
vendor_debian·2018·CVSS 7.5
CVE-2018-7182 [HIGH] CVE-2018-7182: ntp - The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote atta...
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Scope: local
bullseye: resolved (fixed in 1:4.2.8p11+dfsg-1)
No detection rules found.
Bugzilla
CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
bugzilla·2018-02-28·CVSS 5.3
CVE-2018-7170 [MEDIUM] CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem()
bugzilla·2018-02-28·CVSS 7.5
CVE-2018-7182 [HIGH] CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem()
ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will cause ctl_getitem() to read past the end of its buffer.
References:
http://support.ntp.org/bin/view/Main/NtpBug3412
Discussion:
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1550228]
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3412
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103191
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://www.exploit-db.com/exploits/45846/
https://www.synology.com/support/security/Synology_SA_18_13
Published: 2018-03-06