Description
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Affected Packages2 packages
🔴Vulnerability Details
3GHSAGHSA-gg7p-jc5w-p68m: ntpd in ntp 4↗2022-05-24 CVEListCVE-2018-8956: ntpd in ntp 4↗2020-05-06 OSVCVE-2018-8956: ntpd in ntp 4↗2020-05-06 📋Vendor Advisories
2Red Hatntp: ntpd allows remote attackers to prevent a broadcast client from synchronizing its clock↗2020-05-06 DebianCVE-2018-8956: ntp - ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to ...↗2018 📄Research Papers
1arXivPreventing Time Synchronization in NTP's Broadcast Mode↗2020-05-14 💬Community
2BugzillaCVE-2018-8956 ntp: ntpd allows remote attackers to prevent a broadcast client from synchronizing its clock↗2020-06-18 BugzillaCVE-2018-8956 ntp: ntpd allows remote attackers to prevent a broadcast client from synchronizing its clock [fedora-all]↗2020-06-18