CVE-2018-7185
published 2018-03-06CVE-2018-7185: The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a…
PriorityP341high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
9.24%
94.7th percentile
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | ntp | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| debian | ntpsec | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| hpe | hpux-ntp | < c.4.2.8.4.0 | c.4.2.8.4.0 |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5LOW
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v5hv-rggx-r8xg: The protocol engine in ntp 4
ghsa_unreviewed·2022-05-13
CVE-2018-7185 [HIGH] GHSA-v5hv-rggx-r8xg: The protocol engine in ntp 4
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
OSV
ntp vulnerabilities
osv·2018-07-09·CVSS 7.5
CVE-2018-7182 [HIGH] ntp vulnerabilities
ntp vulnerabilities
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6
packets. A remote attacker could possibly use this issue to cause ntpd to
crash, resulting in a denial of service. This issue only affected Ubuntu
17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu
18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote at
OSV
CVE-2018-7185: The protocol engine in ntp 4
osv·2018-03-06·CVSS 7.5
CVE-2018-7185 [HIGH] CVE-2018-7185: The protocol engine in ntp 4
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2019-01-23·CVSS 7.5
CVE-2016-7426 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. (CVE-2016-7427, CVE-2016-7428)
Matthew Van Gundy discovered that NTP incorrectly handled certain control
mode packets. A remote attacker could use this issue to set or
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2018-07-09·CVSS 7.5
CVE-2018-7182 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6
packets. A remote attacker could possibly use this issue to cause ntpd to
crash, resulting in a denial of service. This issue only affected Ubuntu
17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain
zero-origin timestamps. A remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu
18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP inc
BSD
FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
bsd_advisories·2018-03-07·CVSS 5.3
CVE-2017-7183 [MEDIUM] FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
FreeBSD-SA-18:02.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2018-03-07
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2018-02-28 09:01:03 UTC (stable/11, 11.1-STABLE)
2018-03-07 05:58:24 UTC (releng/11.1, 11.1-RELEASE-p7)
2018-03-01 04:06:49 UTC (stable/10, 10.4-STABLE)
2018-03-07 05:58:24 UTC (releng/10.4, 10.4-RELEASE-p6)
2018-03-07 05:58:24 UTC (releng/10.3, 10.3-RELEASE-p27)
CVE Name: CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185,
CVE-2018-7183
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The ntpd(8) daemon is an i
Red Hat
ntp: Unauthenticated packet can reset authenticated interleaved association
vendor_redhat·2018-02-27·CVSS 7.5
CVE-2018-7185 [HIGH] ntp: Unauthenticated packet can reset authenticated interleaved association
ntp: Unauthenticated packet can reset authenticated interleaved association
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
Mitigation: Remove the "xleave" option from the "peer HOST xleave" lines in your ntp.conf if it exists, to entirely disable interleaved mode.
Package: ntp (Red Hat Enterprise Linux 5) - Not affected
Package: ntp (Red Hat Enterprise Linux 6) - Will not fix
Package: ntp (Red Hat Enterprise Linux 7) - Will not fix
Package: ntp (Red Hat Enterprise Linux 8) - Fix deferred
Debian
CVE-2018-7185: ntp - The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to ca...
vendor_debian·2018·CVSS 7.5
CVE-2018-7185 [HIGH] CVE-2018-7185: ntp - The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to ca...
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
Scope: local
bullseye: resolved (fixed in 1:4.2.8p11+dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
bugzilla·2018-02-28·CVSS 5.3
CVE-2018-7170 [MEDIUM] CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2018-7185 ntp: Unauthenticated packet can reset authenticated interleaved association
bugzilla·2018-02-28·CVSS 7.5
CVE-2018-7185 [HIGH] CVE-2018-7185 ntp: Unauthenticated packet can reset authenticated interleaved association
CVE-2018-7185 ntp: Unauthenticated packet can reset authenticated interleaved association
The NTP Protocol allows for both non-authenticated and authenticated associations, in client/server, symmetric (peer), and several broadcast modes. In addition to the basic NTP operational modes, symmetric mode and broadcast servers can support an interleaved mode of operation. In ntp-4.2.8p4 a bug was inadvertently introduced into the protocol engine that allows a non-authenticated zero-origin (reset) packet to reset an authenticated interleaved peer association. If an attacker can send a packet with a zero-origin timestamp and the source IP address of the "other side" of an interleaved association, the 'victim' ntpd will reset its association. The attacker must continue sending these packets in ord
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3454http://www.securityfocus.com/archive/1/541824/100/0/threadedhttp://www.securityfocus.com/bid/103339https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttps://security.gentoo.org/glsa/201805-12https://security.netapp.com/advisory/ntap-20180626-0001/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://usn.ubuntu.com/3707-1/https://usn.ubuntu.com/3707-2/https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://www.synology.com/support/security/Synology_SA_18_13http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3454http://www.securityfocus.com/archive/1/541824/100/0/threadedhttp://www.securityfocus.com/bid/103339https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttps://security.gentoo.org/glsa/201805-12https://security.netapp.com/advisory/ntap-20180626-0001/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://usn.ubuntu.com/3707-1/https://usn.ubuntu.com/3707-2/https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://www.synology.com/support/security/Synology_SA_18_13
2018-03-06
Published