CVE-2018-7184
published 2018-03-06CVE-2018-7184: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service…
PriorityP341high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
8.86%
94.6th percentile
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | ntp | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| debian | ntpsec | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | >= 0 < 1:4.2.8p11+dfsg-1 | 1:4.2.8p11+dfsg-1 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 |
| ntp | ntp | >= 0 < 1:4.2.8p4+dfsg-3ubuntu5.9 | 1:4.2.8p4+dfsg-3ubuntu5.9 |
| ntp | ntp | >= 0 < 1:4.2.8p10+dfsg-5ubuntu7.1 | 1:4.2.8p10+dfsg-5ubuntu7.1 |
| slackware | slackware_linux | — | — |
| slackware | slackware_linux | — | — |
| slackware | slackware_linux | — | — |
| synology | diskstation_manager | — | — |
| synology | diskstation_manager | — | — |
| synology | diskstation_manager | — | — |
| synology | router_manager | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5LOW
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rf4v-73h8-p6f7: ntpd in ntp 4
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-7184 [HIGH] GHSA-rf4v-73h8-p6f7: ntpd in ntp 4
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
OSV
ntp vulnerabilities
osv·2018-07-09·CVSS 7.5
CVE-2018-7182 [HIGH] ntp vulnerabilities
ntp vulnerabilities
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6
packets. A remote attacker could possibly use this issue to cause ntpd to
crash, resulting in a denial of service. This issue only affected Ubuntu
17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu
18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote at
OSV
CVE-2018-7184: ntpd in ntp 4
osv·2018-03-06·CVSS 7.5
CVE-2018-7184 [HIGH] CVE-2018-7184: ntpd in ntp 4
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2018-07-09·CVSS 7.5
CVE-2018-7182 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6
packets. A remote attacker could possibly use this issue to cause ntpd to
crash, resulting in a denial of service. This issue only affected Ubuntu
17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu
18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP inc
BSD
FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
bsd_advisories·2018-03-07·CVSS 5.3
CVE-2017-7183 [MEDIUM] FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
FreeBSD-SA-18:02.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2018-03-07
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2018-02-28 09:01:03 UTC (stable/11, 11.1-STABLE)
2018-03-07 05:58:24 UTC (releng/11.1, 11.1-RELEASE-p7)
2018-03-01 04:06:49 UTC (stable/10, 10.4-STABLE)
2018-03-07 05:58:24 UTC (releng/10.4, 10.4-RELEASE-p6)
2018-03-07 05:58:24 UTC (releng/10.3, 10.3-RELEASE-p27)
CVE Name: CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185,
CVE-2018-7183
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The ntpd(8) daemon is an i
Red Hat
ntp: Interleaved symmetric mode cannot recover from bad state
vendor_redhat·2018-02-27·CVSS 7.5
CVE-2018-7184 [HIGH] ntp: Interleaved symmetric mode cannot recover from bad state
ntp: Interleaved symmetric mode cannot recover from bad state
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Package: ntp (Red Hat Enterprise Linux 5) - Not affected
Package: ntp (Red Hat Enterprise Linux 6) - Not affected
Package: ntp (Red Hat Enterprise Linux 7) - Not affected
Package: ntp (Red Hat Enterprise Linux 8) - Fix deferred
Debian
CVE-2018-7184: ntp - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "recei...
vendor_debian·2018·CVSS 7.5
CVE-2018-7184 [HIGH] CVE-2018-7184: ntp - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "recei...
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Scope: local
bullseye: resolved (fixed in 1:4.2.8p11+dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
bugzilla·2018-02-28·CVSS 5.3
CVE-2018-7170 [MEDIUM] CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state
bugzilla·2018-02-28·CVSS 7.5
CVE-2018-7184 [HIGH] CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state
CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state
The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another. Specifically, it drops bad packets before updating the "received" timestamp. This means a third-party can inject a packet with a zero-origin timestamp, meaning the sender wants to reset the association, and the transmit timestamp in this bogus packet will be saved as the most recent "received" timestamp. The real remote peer does not know this value and this will disrupt the association until the association resets.
References:
http://support.ntp.org/bin/view/Main/NtpBug3453
Discussion:
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1550228]
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3453http://www.securityfocus.com/archive/1/541824/100/0/threadedhttp://www.securityfocus.com/bid/103192https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttps://security.gentoo.org/glsa/201805-12https://security.netapp.com/advisory/ntap-20180626-0001/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://usn.ubuntu.com/3707-1/https://www.synology.com/support/security/Synology_SA_18_13http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3453http://www.securityfocus.com/archive/1/541824/100/0/threadedhttp://www.securityfocus.com/bid/103192https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttps://security.gentoo.org/glsa/201805-12https://security.netapp.com/advisory/ntap-20180626-0001/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://usn.ubuntu.com/3707-1/https://www.synology.com/support/security/Synology_SA_18_13
2018-03-06
Published