The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and the source IP address of the "other side" of an interleaved association, causing the victim ntpd to reset its association.
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3454
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103339
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://usn.ubuntu.com/3707-2/
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Source: MITRE
Published: 2018-03-06
Updated: 2020-08-24
Type: NVD-CWE-noinfo
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.1
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
OR
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
OR
cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:skynas:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:virtual_diskstation_manager:*:*:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
129259 | EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-2066) | Nessus | Huawei Local Security Checks | high |
126847 | EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1719) | Nessus | Huawei Local Security Checks | high |
125010 | EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557) | Nessus | Huawei Local Security Checks | high |
124450 | EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-1323) | Nessus | Huawei Local Security Checks | high |
123908 | EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1222) | Nessus | Huawei Local Security Checks | high |
121863 | Photon OS 1.0: Ntp PHSA-2018-1.0-0167 | Nessus | PhotonOS Local Security Checks | high |
118269 | SUSE SLES12 Security Update : ntp (SUSE-SU-2018:1765-2) | Nessus | SuSE Local Security Checks | high |
111946 | Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
110974 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ntp vulnerabilities (USN-3707-1) | Nessus | Ubuntu Local Security Checks | high |
110639 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:1765-1) | Nessus | SuSE Local Security Checks | high |
110224 | SUSE SLES12 Security Update : ntp (SUSE-SU-2018:1464-1) | Nessus | SuSE Local Security Checks | high |
110176 | GLSA-201805-12 : NTP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
109697 | Amazon Linux AMI : ntp (ALAS-2018-1009) | Nessus | Amazon Linux Local Security Checks | high |
109102 | openSUSE Security Update : ntp (openSUSE-2018-376) | Nessus | SuSE Local Security Checks | high |
109085 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:0956-1) | Nessus | SuSE Local Security Checks | high |
108651 | SUSE SLES11 Security Update : ntp (SUSE-SU-2018:0808-1) | Nessus | SuSE Local Security Checks | high |
107258 | Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p11 Multiple Vulnerabilities | Nessus | Misc. | high |
107103 | Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2018-060-02) | Nessus | Slackware Local Security Checks | medium |
107046 | FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c) | Nessus | FreeBSD Local Security Checks | high |