Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-7185

Published: 06/03/2018 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Ntp

Vulnerability Summary

The protocol engine in ntp 4.2.6 prior to 4.2.8p11 allows a remote malicious users to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp

ntp ntp 4.2.8

synology diskstation manager

synology router manager

synology skynas

synology virtual diskstation manager

synology vs960hd_firmware

canonical ubuntu linux 18.04

canonical ubuntu linux 12.04

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

netapp hci -

netapp solidfire -

hpe hpux-ntp

oracle fujitsu_m10-1_firmware

oracle fujitsu_m10-4_firmware

oracle fujitsu_m10-4s_firmware

oracle fujitsu_m12-1_firmware

oracle fujitsu_m12-2_firmware

oracle fujitsu_m12-2s_firmware

Vendor Advisories

Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Amazon Linux AMI: ALAS-2018-1009
Ephemeral association time spoofing additional protectionntpd in ntp 42x before 428p7 and 43x before 4392 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack This issue exists because of an ...
Red Hat: CVE-2018-7185
The protocol engine in ntp 426 before 428p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association ...
Arch Linux Issues:
The NTP Protocol allows for both non-authenticated and authenticated associations, in client/server, symmetric (peer), and several broadcast modes In addition to the basic NTP operational modes, symmetric mode and broadcast servers can support an interleaved mode of operation In ntp-428p4 a bug was inadvertently introduced into the protocol eng ...

References

NVD-CWE-noinfohttp://support.ntp.org/bin/view/Main/NtpBug3454http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttp://www.securityfocus.com/bid/103339https://www.synology.com/support/security/Synology_SA_18_13https://security.netapp.com/advisory/ntap-20180626-0001/https://usn.ubuntu.com/3707-1/http://www.securityfocus.com/archive/1/541824/100/0/threadedhttps://security.gentoo.org/glsa/201805-12https://usn.ubuntu.com/3707-2/https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://nvd.nist.govhttps://usn.ubuntu.com/3707-2/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook