CVE-2018-7184
Description
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the received timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
13.128
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.8p4+dfsg-3ubuntu5.9_i386.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.8p4+dfsg-3ubuntu5.9_amd64.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.8p10+dfsg-5ubuntu3.3_i386.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.8p10+dfsg-5ubuntu3.3_amd64.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.8p10+dfsg-5ubuntu7.1_i386.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.8p10+dfsg-5ubuntu7.1_amd64.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.13_i386.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3707-1) ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.13_amd64.deb | Linux |
| CVE-2018-7184 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234