CVE-2018-7185

CVE-2018-7185

Name

CVE-2018-7185

Description

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mitigation	http://support.ntp.org/bin/view/Main/NtpBug3454
Third Party Advisory	http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
Third Party Advisory	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
Third Party Advisory	http://www.securityfocus.com/bid/103339
Third Party Advisory	https://www.synology.com/support/security/Synology_SA_18_13
Third Party Advisory	https://security.netapp.com/advisory/ntap-20180626-0001/
Third Party Advisory	https://usn.ubuntu.com/3707-1/
Third Party Advisory	http://www.securityfocus.com/archive/1/541824/100/0/threaded
Third Party Advisory	https://security.gentoo.org/glsa/201805-12
Third Party Advisory	https://usn.ubuntu.com/3707-2/
Third Party Advisory	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Third Party Advisory	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

Type

URI

Mitigation

http://support.ntp.org/bin/view/Main/NtpBug3454

Third Party Advisory

http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc

Third Party Advisory

http://www.securityfocus.com/bid/103339

Third Party Advisory

https://www.synology.com/support/security/Synology_SA_18_13