{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-31T18:06:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"}, {"name": "103192", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103192"}, {"name": "GLSA-201805-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201805-12"}, {"name": "FreeBSD-SA-18:02", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"}, {"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3453"}, {"name": "USN-3707-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3707-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/support/security/Synology_SA_18_13"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"}, {"name": "103192", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103192"}, {"name": "GLSA-201805-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201805-12"}, {"name": "FreeBSD-SA-18:02", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"}, {"name": "https://security.netapp.com/advisory/ntap-20180626-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"}, {"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"}, {"name": "http://support.ntp.org/bin/view/Main/NtpBug3453", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug3453"}, {"name": "USN-3707-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3707-1/"}, {"name": "https://www.synology.com/support/security/Synology_SA_18_13", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_13"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:24:11.248Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"}, {"name": "103192", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103192"}, {"name": "GLSA-201805-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201805-12"}, {"name": "FreeBSD-SA-18:02", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"}, {"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3453"}, {"name": "USN-3707-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3707-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/support/security/Synology_SA_18_13"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7184", "datePublished": "2018-03-06T20:00:00", "dateReserved": "2018-02-16T00:00:00", "dateUpdated": "2024-08-05T06:24:11.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*", "matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71", "vulnerable": true}, {"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "46261C28-E276-4639-BA3D-A735B02599F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:virtual_diskstation_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5342AD6-8273-4215-BA0F-1457A628DB14", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "01527614-8A68-48DC-B0A0-F4AA99489221", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "65372FA7-B54B-4298-99BF-483E9FEBA253", "vulnerable": true}, {"criteria": "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D04EA1A-F8E0-415B-8786-1C8C0F08E132", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "936EF68B-2A93-402C-BED4-20E6EDB2F102", "vulnerable": true}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1B46F08-93A8-49D9-AC5D-43E19C062FFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D65ED7B3-FD80-4D2B-B11D-AAABB34C49CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704."}, {"lang": "es", "value": "ntpd en ntp, en versiones 4.2.8p4 anteriores a la 4.2.8p11, env\u00eda paquetes malos antes de actualizar la marca de tiempo \"received\". Esto permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (interrupci\u00f3n) mediante el env\u00edo de un paquete con una marca de tiempo zero-origin que provoca que la asociaci\u00f3n se restablezca y establezca el contenido del paquete como la marca de tiempo m\u00e1s reciente. Este problema es el resultado de una soluci\u00f3n incompleta para CVE-2015-7704."}], "id": "CVE-2018-7184", "lastModified": "2025-01-14T19:29:55.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-06T20:29:01.437", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3453"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103192"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201805-12"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"}, {"source": "cve@mitre.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3707-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_18_13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.ntp.org/bin/view/Main/NtpBug3453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201805-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3707-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_18_13"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ntp: Interleaved symmetric mode cannot recover from bad state", "id": "1550218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550218"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "details": ["ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704."], "name": "CVE-2018-7184", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-7184\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7184"], "threat_severity": "Low", "upstream_fix": "ntp 4.2.8p11"}