Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-7183

Published: 08/03/2018 Updated: 20/07/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ntp

Vulnerability Summary

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 up to and including 4.2.8p10 allows remote malicious users to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp 4.2.8

freebsd freebsd 10.4

freebsd freebsd 11.1

freebsd freebsd 10.3

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

netapp element software -

Vendor Advisories

Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Amazon Linux AMI: ALAS-2018-1009
Ephemeral association time spoofing additional protectionntpd in ntp 42x before 428p7 and 43x before 4392 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack This issue exists because of an ...
Red Hat: CVE-2018-7183
Buffer overflow in the decodearr function in ntpq in ntp 428p6 through 428p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array ...
Arch Linux Issues:
ntpq is a monitoring and control program for ntpd decodearr() is an internal function of ntpq that is used to -- wait for it -- decode an array in a response string when formatted data is being displayed This is a problem in affected versions of ntpq if a maliciously-altered ntpd returns an array result that will trip this bug, or if a bad actor ...

Recent Articles

Now, watch this... Network time protocol bugs sting Juniper operating system
The Register • Richard Chirgwin • 11 Oct 2018

Oh, and there are 21 other vulns to patch Juniper pours a shot of its data centre juice into campus networks

It's time for Juniper Networks' semi-regular bugfest, with 22 fixes announced today, two of which carry a “critical” rating and should be applied immediately. The company's software defined networking-supported NFX Series CPE, if running Junos OS version 18.1, had an insecure default setting in the Juniper Device Manager: CVE-2018-0044 allowed SSH access with an empty password. If you can't upgrade to version 18.1R4 or 18.2R1 or later, double-check that all accounts have strong passwords. Th...

Read more...

References

CWE-787https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttp://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_Shttp://support.ntp.org/bin/view/Main/NtpBug3414http://www.securityfocus.com/bid/103351https://www.synology.com/support/security/Synology_SA_18_13https://security.netapp.com/advisory/ntap-20180626-0001/https://usn.ubuntu.com/3707-1/https://security.gentoo.org/glsa/201805-12https://usn.ubuntu.com/3707-2/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://nvd.nist.govhttps://usn.ubuntu.com/3707-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook