CVE-2018-7182

CVE-2018-7182

Name

CVE-2018-7182

Description

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	http://www.securityfocus.com/bid/103191
Mitigation	http://support.ntp.org/bin/view/Main/NtpBug3412
Third Party Advisory	http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
Patch	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
Third Party Advisory	https://www.synology.com/support/security/Synology_SA_18_13
Third Party Advisory	https://security.netapp.com/advisory/ntap-20180626-0001/
Third Party Advisory	https://usn.ubuntu.com/3707-1/
Third Party Advisory	http://www.securityfocus.com/archive/1/541824/100/0/threaded
Third Party Advisory	https://security.gentoo.org/glsa/201805-12
Exploit	https://www.exploit-db.com/exploits/45846/
CONFIRM	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

Type

URI

Third Party Advisory

http://www.securityfocus.com/bid/103191

Mitigation

http://support.ntp.org/bin/view/Main/NtpBug3412

Third Party Advisory

http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html

Patch

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc

Third Party Advisory

https://www.synology.com/support/security/Synology_SA_18_13