ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the
“received” timestamp, which allows remote attackers to cause a denial of
service (disruption) by sending a packet with a zero-origin timestamp
causing the association to reset and setting the contents of the packet as
the most recent timestamp. This issue is a result of an incomplete fix for
CVE-2015-7704.

Bugs

<http://support.ntp.org/bin/view/Main/NtpBug3453>

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchntp< 1:4.2.8p10+dfsg-5ubuntu3.3UNKNOWN
ubuntu18.04noarchntp< 1:4.2.8p10+dfsg-5ubuntu7.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	ntp	< 1:4.2.8p10+dfsg-5ubuntu3.3	UNKNOWN
ubuntu	18.04	noarch	ntp	< 1:4.2.8p10+dfsg-5ubuntu7.1	UNKNOWN

References

support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S

www.kb.cert.org/vuls/id/961909

launchpad.net/bugs/cve/CVE-2018-7184

nvd.nist.gov/vuln/detail/CVE-2018-7184

security-tracker.debian.org/tracker/CVE-2018-7184

ubuntu.com/security/notices/USN-3707-1

www.cve.org/CVERecord?id=CVE-2018-7184

prion 2

redhatcve 1

debiancve 2

f5 3

cve 2

veracode 1

nessus 56

redhat 2

ubuntucve 3

checkpoint_advisories 1

openvas 47

oraclelinux 3

centos 1

amazon 3

ibm 19

ics 2

cloudfoundry 1

ubuntu 2

citrix 1

gentoo 2

slackware 3

archlinux 2

fedora 6

freebsd 3

symantec 2

mageia 2

freebsd_advisory 2

aix 1

cisco 2

arista 2

suse 9

fortinet 1

osv 2

debian 2

securityvulns 2

photon 2

cert 1

oracle 1

prion

Design/Logic Flaw

2018-03-06 20:29:00

Code injection

2017-08-07 20:29:00

redhatcve

CVE-2018-7184

2018-02-28 19:49:03

debiancve

CVE-2018-7184

2018-03-06 20:29:00

CVE-2015-7704

2017-08-07 20:29:00

K13540723 : NTP vulnerability CVE-2018-7184

2018-03-26 00:00:00

SOL17566 - NTP vulnerability CVE-2015-7704

2015-11-05 00:00:00

K17566 : NTP vulnerability CVE-2015-7704

2015-11-10 00:00:00

cve

CVE-2018-7184

2018-03-06 20:29:00

CVE-2015-7704

2017-08-07 20:29:00

veracode

Denial Of Service (DoS)

2019-01-15 09:08:52

nessus

F5 Networks BIG-IP : NTP vulnerability (K17566)

2015-11-06 00:00:00

RHEL 6 : ntp (RHSA-2015:2520)

2015-11-30 00:00:00

Rockwell Automation Stratix Denial of Service by Spoofed Kiss-o'-Death (CVE-2015-7704)

2023-11-15 00:00:00

redhat

(RHSA-2015:2520) Important: ntp security update

2015-11-26 00:00:00

(RHSA-2015:1930) Important: ntp security update

2015-10-26 00:00:00

ubuntucve

CVE-2015-7704

2015-10-22 00:00:00

CVE-2015-7705

2015-10-22 00:00:00

CVE-2015-8138

2015-12-31 00:00:00

checkpoint_advisories

NTP Kiss-o-Death Packet Denial of Service - Ver2 (CVE-2015-7704)

2018-06-25 00:00:00

openvas

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1210)

2020-03-13 00:00:00

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2019-2215)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-2374)

2020-11-04 00:00:00

oraclelinux

ntp security update

2015-10-26 00:00:00

ntp security, bug fix, and enhancement update

2015-11-23 00:00:00

ntp security and bug fix update

2016-05-12 00:00:00

centos

ntp, ntpdate, sntp security update

2015-10-26 15:51:06

amazon

Medium: ntp

2018-05-10 17:01:00

Medium: ntp

2018-05-10 17:11:00

Important: ntp

2015-10-27 16:42:00

ibm

Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM Security Identity Governance Appliance (CVE-2015-5300 CVE-2015-7704 CVE-2015-8138 )

2018-06-16 21:41:35

Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-5300, CVE-2015-7704, and CVE-2015-8138)

2018-06-16 21:40:41

Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138)

2021-09-23 01:31:39

ics

Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities

2018-08-27 12:00:00

Rockwell Automation Stratix 5900

2017-05-10 12:00:00

cloudfoundry

USN-3707-1: NTP vulnerabilities | Cloud Foundry

2018-07-19 00:00:00

ubuntu

NTP vulnerabilities

2018-07-09 00:00:00

NTP vulnerabilities

2015-10-27 00:00:00

citrix

Citrix XenServer Multiple Security Updates

2017-01-25 05:00:00

gentoo

NTP: Multiple vulnerabilities

2018-05-26 00:00:00

NTP: Multiple vulnerabilities

2016-07-20 00:00:00

slackware

[slackware-security] ntp

2018-03-01 23:49:07

[slackware-security] ntp

2016-04-29 21:57:25

[slackware-security] ntp

2015-10-29 22:49:05

archlinux

[ASA-201803-11] ntp: multiple issues

2018-03-16 00:00:00

ntp: multiple issues

2015-10-22 00:00:00

fedora

[SECURITY] Fedora 27 Update: ntp-4.2.8p11-1.fc27

2018-03-27 20:16:30

[SECURITY] Fedora 26 Update: ntp-4.2.8p11-1.fc26

2018-03-27 19:30:28

[SECURITY] Fedora 23 Update: ntp-4.2.6p5-34.fc23

2015-11-02 18:55:43

freebsd

ntp -- multiple vulnerabilities

2018-02-27 00:00:00

ntp -- multiple vulnerabilities

2016-04-26 00:00:00

ntp -- 13 low- and medium-severity vulnerabilities

2015-10-21 00:00:00

symantec

SA165: NTP Vulnerabilities February 2018

2018-04-26 08:00:00

SA103 : October 2015 NTP Security Vulnerabilities

2015-11-24 08:00:00

mageia

Updated ntp packages fix security vulnerabilities

2018-04-07 01:54:47

Updated ntp packages fixes security vulnerabilities

2015-10-26 00:50:36

freebsd_advisory

FreeBSD-SA-18:02.ntp

2018-03-07 00:00:00

FreeBSD-SA-15:25.ntp

2015-10-26 00:00:00

aix

Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS

2018-08-14 14:48:57

cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

2016-04-28 09:00:00

Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015

2015-10-21 23:00:00

arista

Security Advisory 0019

2018-04-25 00:00:00

Security Advisory 0016

2015-11-04 00:00:00

suse

Security update for ntp (important)

2016-05-12 20:09:15

Security update for ntp (important)

2016-05-18 14:10:13

Security update for ntp (important)

2016-06-01 18:08:21

fortinet

ntp-4.2.8p7 Security Vulnerability Announcement April 2016

2017-04-03 00:00:00

osv

ntp - security update

2015-11-01 00:00:00

ntp - security update

2015-10-28 00:00:00

debian

[SECURITY] [DLA 335-1] ntp security update

2015-10-28 20:45:05

[SECURITY] [DSA 3388-1] ntp security update

2015-11-01 22:20:55

securityvulns

ntp multiple security vulnerabilities

2015-11-01 00:00:00

[USN-2783-1] NTP vulnerabilities

2015-11-01 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0167

2018-07-27 00:00:00

Critical Photon OS Security Update - PHSA-2018-0167

2018-07-27 00:00:00

cert

NTP.org ntpd contains multiple vulnerabilities

2016-04-27 00:00:00

oracle

Oracle Critical Patch Update - July 2016

2016-07-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

Related for UB:CVE-2018-7184