CVE-2018-7184

11 documents9 sources

Severity

7.5HIGH

EPSS

13.1%

top 5.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux NTP NTP Slackware Slackware Linux +2 more

Timeline

PublishedMar 6

Latest updateMay 13

Description

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶Debianntp< 1:4.2.8p11+dfsg-1

▶NVDntp/ntp4.2.8

▶NVDsynology/router_manager1.1

▶NVDslackware/slackware_linux14.0, 14.1, 14.2+2

▶NVDsynology/diskstation_manager5.2, 6.0, 6.1+2

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

🔴Vulnerability Details

GHSA

GHSA-rf4v-73h8-p6f7: ntpd in ntp 4↗2022-05-13

▶

OSV

ntp vulnerabilities↗2018-07-09

▶

OSV

CVE-2018-7184: ntpd in ntp 4↗2018-03-06

▶

CVEList

CVE-2018-7184: ntpd in ntp 4↗2018-03-06

▶

📋Vendor Advisories

Ubuntu

NTP vulnerabilities↗2018-07-09

▶

BSD

FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp↗2018-03-07

▶

Red Hat

ntp: Interleaved symmetric mode cannot recover from bad state↗2018-02-27

▶

Debian

CVE-2018-7184: ntp - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "recei...↗2018

▶

💬Community

Bugzilla

CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]↗2018-02-28

▶

Bugzilla

CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state↗2018-02-28

▶