Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-7185

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Related bugs and status

CVE-2018-7185 (Candidate) is related to these bugs:

Bug #1773921: merge ntp 1:4.2.8p11+dfsg-1 for cosmic

Summary				In	Importance	Status
	1773921	merge ntp 1:4.2.8p11+dfsg-1 for cosmic		ntp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://packetstormsecu...
CONFIRM: http://support.ntp.org...
FREEBSD: FreeBSD-SA-18:02
BID: 103339
CONFIRM: https://www.synology.c...
CONFIRM: https://security.netap...
UBUNTU: USN-3707-1
BUGTRAQ: 20180301 [Newsletter/M...
GENTOO: GLSA-201805-12
UBUNTU: USN-3707-2
MISC: https://www.oracle.com...
CONFIRM: https://support.hpe.co...