CVE-2018-7183

HIGH

Description

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

References

http://support.ntp.org/bin/view/Main/NtpBug3414

http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S

http://www.securityfocus.com/bid/103351

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc

https://security.gentoo.org/glsa/201805-12

https://security.netapp.com/advisory/ntap-20180626-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

https://usn.ubuntu.com/3707-1/

https://usn.ubuntu.com/3707-2/

https://www.synology.com/support/security/Synology_SA_18_13

Details

Source: MITRE

Published: 2018-03-08

Updated: 2020-08-24

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 5

OR

cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
142303EulerOS 2.0 SP2 : ntp (EulerOS-SA-2020-2374)NessusHuawei Local Security Checks
high
135619EulerOS Virtualization 3.0.2.2 : ntp (EulerOS-SA-2020-1457)NessusHuawei Local Security Checks
high
134499EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2020-1210)NessusHuawei Local Security Checks
high
130677EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-2215)NessusHuawei Local Security Checks
high
125551Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1451)NessusMisc.
high
121863Photon OS 1.0: Ntp PHSA-2018-1.0-0167NessusPhotonOS Local Security Checks
high
118269SUSE SLES12 Security Update : ntp (SUSE-SU-2018:1765-2)NessusSuSE Local Security Checks
high
111946Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated)NessusPhotonOS Local Security Checks
high
110974Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ntp vulnerabilities (USN-3707-1)NessusUbuntu Local Security Checks
high
110639SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:1765-1)NessusSuSE Local Security Checks
high
110224SUSE SLES12 Security Update : ntp (SUSE-SU-2018:1464-1)NessusSuSE Local Security Checks
high
110176GLSA-201805-12 : NTP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
109697Amazon Linux AMI : ntp (ALAS-2018-1009)NessusAmazon Linux Local Security Checks
high
109102openSUSE Security Update : ntp (openSUSE-2018-376)NessusSuSE Local Security Checks
high
109085SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:0956-1)NessusSuSE Local Security Checks
high
108651SUSE SLES11 Security Update : ntp (SUSE-SU-2018:0808-1)NessusSuSE Local Security Checks
high
107258Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p11 Multiple VulnerabilitiesNessusMisc.
high
107046FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c)NessusFreeBSD Local Security Checks
high