Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
445
VMScore

CVE-2018-7184

Published: 06/03/2018 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Ntp

Vulnerability Summary

ntpd in ntp 4.2.8p4 prior to 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote malicious users to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp 4.2.8

synology skynas -

synology router manager 1.1

synology diskstation manager 6.1

synology diskstation manager 6.0

synology virtual diskstation manager -

synology diskstation manager 5.2

synology vs960hd firmware -

slackware slackware linux 14.0

slackware slackware linux 14.1

slackware slackware linux 14.2

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

netapp steelstore cloud integrated storage -

netapp cloud backup -

Vendor Advisories

Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Amazon Linux AMI: ALAS-2018-1009
Ephemeral association time spoofing additional protectionntpd in ntp 42x before 428p7 and 43x before 4392 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack This issue exists because of an ...
Red Hat: CVE-2018-7184
ntpd in ntp 428p4 before 428p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp This issue is a result of an in ...
Arch Linux Issues:
The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another Specifically, it drops bad packets before updating the "received" timestamp This means a third-party can inject a packet with a zero-origin timestamp, meaning the sender wants to reset the association, and the transmit timestamp in this bogus packet will be s ...

References

NVD-CWE-noinfohttp://www.securityfocus.com/bid/103192http://support.ntp.org/bin/view/Main/NtpBug3453http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttps://www.synology.com/support/security/Synology_SA_18_13https://security.netapp.com/advisory/ntap-20180626-0001/https://usn.ubuntu.com/3707-1/http://www.securityfocus.com/archive/1/541824/100/0/threadedhttps://security.gentoo.org/glsa/201805-12https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://nvd.nist.govhttps://usn.ubuntu.com/3707-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook