Symantec Security ResponseSMNTC-103339NTP CVE-2018-7185 Denial of Service Vulnerability
Description
NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. NTP version 4.2.6 prior to 4.2.8p11 are vulnerable.
Technologies Affected
- IBM AIX 5.3
- IBM AIX 6.1
- IBM AIX 7.1
- IBM Aix 7.2
- IBM Vios 2.2.0
- IBM Vios 2.2.0.10
- IBM Vios 2.2.0.11
- IBM Vios 2.2.0.12
- IBM Vios 2.2.0.13
- IBM Vios 2.2.1.0
- IBM Vios 2.2.1.1
- IBM Vios 2.2.1.3
- IBM Vios 2.2.1.4
- IBM Vios 2.2.2.0
- IBM Vios 2.2.2.4
- IBM Vios 2.2.2.5
- IBM Vios 2.2.2.6
- IBM Vios 2.2.3
- IBM Vios 2.2.3.0
- IBM Vios 2.2.3.2
- IBM Vios 2.2.3.3
- IBM Vios 2.2.3.4
- IBM Vios 2.2.3.50
- IBM Vios 2.2.4.0
- NTP NTP 4.2.6
- NTP NTP 4.2.7p11
- NTP NTP 4.2.7p111
- NTP NTP 4.2.7p22
- NTP NTP 4.2.7p366
- NTP NTP 4.2.7p385
- NTP NTP 4.2.8
- NTP NTP 4.2.8p1
- NTP NTP 4.2.8p10
- NTP NTP 4.2.8p2
- NTP NTP 4.2.8p3
- NTP NTP 4.2.8p4
- NTP NTP 4.2.8p5
- NTP NTP 4.2.8p6
- NTP NTP 4.2.8p7
- NTP NTP 4.2.8p8
- NTP NTP 4.2.8p9
- Oracle Fujitsu M10-1 Server XCP 2230
- Oracle Fujitsu M10-1 Server XCP 2271
- Oracle Fujitsu M10-1 Server XCP 2280
- Oracle Fujitsu M10-1 Server XCP 2290
- Oracle Fujitsu M10-1 Server XCP 2320
- Oracle Fujitsu M10-1 Server XCP 2360
- Oracle Fujitsu M10-1 Server XCP 3050
- Oracle Fujitsu M10-1 Server XCP 3052
- Oracle Fujitsu M10-1 Server XCP 3053
- Oracle Fujitsu M10-1 Server XCP 3060
- Oracle Fujitsu M10-4 Server XCP 2230
- Oracle Fujitsu M10-4 Server XCP 2271
- Oracle Fujitsu M10-4 Server XCP 2280
- Oracle Fujitsu M10-4 Server XCP 2290
- Oracle Fujitsu M10-4 Server XCP 2320
- Oracle Fujitsu M10-4 Server XCP 2360
- Oracle Fujitsu M10-4 Server XCP 3050
- Oracle Fujitsu M10-4 Server XCP 3052
- Oracle Fujitsu M10-4 Server XCP 3053
- Oracle Fujitsu M10-4 Server XCP 3060
- Oracle Fujitsu M10-4S Server XCP 2230
- Oracle Fujitsu M10-4S Server XCP 2271
- Oracle Fujitsu M10-4S Server XCP 2280
- Oracle Fujitsu M10-4S Server XCP 2290
- Oracle Fujitsu M10-4S Server XCP 2320
- Oracle Fujitsu M10-4S Server XCP 2360
- Oracle Fujitsu M10-4S Server XCP 3050
- Oracle Fujitsu M10-4S Server XCP 3052
- Oracle Fujitsu M10-4S Server XCP 3053
- Oracle Fujitsu M10-4S Server XCP 3060
- Oracle Fujitsu M12-1 Server XCP 2230
- Oracle Fujitsu M12-1 Server XCP 2290
- Oracle Fujitsu M12-1 Server XCP 2320
- Oracle Fujitsu M12-1 Server XCP 2360
- Oracle Fujitsu M12-1 Server XCP 3000
- Oracle Fujitsu M12-1 Server XCP 3050
- Oracle Fujitsu M12-1 Server XCP 3052
- Oracle Fujitsu M12-1 Server XCP 3053
- Oracle Fujitsu M12-1 Server XCP 3060
- Oracle Fujitsu M12-2 Server XCP 2230
- Oracle Fujitsu M12-2 Server XCP 2290
- Oracle Fujitsu M12-2 Server XCP 2320
- Oracle Fujitsu M12-2 Server XCP 2360
- Oracle Fujitsu M12-2 Server XCP 3000
- Oracle Fujitsu M12-2 Server XCP 3050
- Oracle Fujitsu M12-2 Server XCP 3052
- Oracle Fujitsu M12-2 Server XCP 3053
- Oracle Fujitsu M12-2 Server XCP 3060
- Oracle Fujitsu M12-2S Server XCP 2230
- Oracle Fujitsu M12-2S Server XCP 2290
- Oracle Fujitsu M12-2S Server XCP 2320
- Oracle Fujitsu M12-2S Server XCP 2360
- Oracle Fujitsu M12-2S Server XCP 3000
- Oracle Fujitsu M12-2S Server XCP 3050
- Oracle Fujitsu M12-2S Server XCP 3052
- Oracle Fujitsu M12-2S Server XCP 3053
- Oracle Fujitsu M12-2S Server XCP 3060
- Oracle Solaris 11.3
Recommendations
Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.
Run all software as a nonprivileged user with minimal access rights.
Attackers may successfully exploit client flaws in the browser through HTML-injection vulnerabilities. When possible, run all software as a user with minimal privileges and limited access to system resources. Use additional precautions such as restrictive environments to insulate software that may potentially handle malicious content.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.
Updates are available. Please see the references or vendor advisory for more information.
Related
