CVE-2018-7185 — HPE Hpux-ntp vulnerability

11 documents9 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP HPE Hpux-ntp Oracle Fujitsu M10-1 Firmware +11 more

Timeline

PublishedMar 6

Latest updateMay 13

Description

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages14 packages

▶NVDntp/ntp4.2.6 — 4.2.8+1

▶NVDhpe/hpux-ntp< c.4.2.8.4.0

▶NVDsynology/skynas< 6.1.5-15254

▶NVDsynology/router_manager1.1 — 1.1.6-6931-3

▶NVDsynology/vs960hd_firmware< 2.2.3-1505

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

🔴Vulnerability Details

GHSA

GHSA-v5hv-rggx-r8xg: The protocol engine in ntp 4↗2022-05-13

▶

OSV

CVE-2018-7185: The protocol engine in ntp 4↗2018-03-06

▶

CVEList

CVE-2018-7185: The protocol engine in ntp 4↗2018-03-06

▶

📋Vendor Advisories

Ubuntu

NTP vulnerabilities↗2019-01-23

▶

Ubuntu

NTP vulnerabilities↗2018-07-09

▶

BSD

FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp↗2018-03-07

▶

Red Hat

ntp: Unauthenticated packet can reset authenticated interleaved association↗2018-02-27

▶

Debian

CVE-2018-7185: ntp - The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to ca...↗2018

▶

💬Community

Bugzilla

CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]↗2018-02-28

▶

Bugzilla

CVE-2018-7185 ntp: Unauthenticated packet can reset authenticated interleaved association↗2018-02-28

▶