ID

VAR-201803-1821


CVE

CVE-2018-7184


TITLE

ntp Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002749

DESCRIPTION

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p11 are vulnerable. ntpd is one of the operating system daemons. ========================================================================== Ubuntu Security Notice USN-3707-1 July 09, 2018 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in NTP. Software Description: - ntp: Network Time Protocol daemon and utility programs Details: Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182) Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7184) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. (CVE-2018-7185) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: ntp 1:4.2.8p10+dfsg-5ubuntu7.1 Ubuntu 17.10: ntp 1:4.2.8p10+dfsg-5ubuntu3.3 Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.9 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3707-1 CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185 Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649612 ID: 201805-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in NTP, the worst of which could lead to remote code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.8_p11 >= 4.2.8_p11 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11" References ========== [ 1 ] CVE-2018-7170 https://nvd.nist.gov/vuln/detail/CVE-2018-7170 [ 2 ] CVE-2018-7182 https://nvd.nist.gov/vuln/detail/CVE-2018-7182 [ 3 ] CVE-2018-7183 https://nvd.nist.gov/vuln/detail/CVE-2018-7183 [ 4 ] CVE-2018-7184 https://nvd.nist.gov/vuln/detail/CVE-2018-7184 [ 5 ] CVE-2018-7185 https://nvd.nist.gov/vuln/detail/CVE-2018-7185 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201805-12 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2018-060-02) New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2018-7184 // JVNDB: JVNDB-2018-002749 // BID: 103192 // VULHUB: VHN-137216 // PACKETSTORM: 148455 // PACKETSTORM: 147917 // PACKETSTORM: 146631

AFFECTED PRODUCTS

vendor:ntpmodel:ntpscope:eqversion:4.2.8

Trust: 1.9

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.0

Trust: 1.0

vendor:synologymodel:router managerscope:eqversion:1.1

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:synologymodel:virtual diskstation managerscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:synologymodel:vs960hdscope:eqversion: -

Trust: 1.0

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 1.0

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 1.0

vendor:slackwaremodel:linuxscope:eqversion:14.2

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:5.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:17.10

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.1

Trust: 1.0

vendor:ntpmodel:ntpscope:ltversion:4.2.8p4 thats all 4.2.8p11

Trust: 0.8

vendor:slackwaremodel:linuxscope: - version: -

Trust: 0.8

vendor:synologymodel:diskstation managerscope: - version: -

Trust: 0.8

vendor:synologymodel:router managerscope: - version: -

Trust: 0.8

vendor:synologymodel:skynasscope: - version: -

Trust: 0.8

vendor:synologymodel:virtual diskstation managerscope: - version: -

Trust: 0.8

vendor:synologymodel:vs960hdscope: - version: -

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:ntpmodel:ntpscope:eqversion:4.2.6

Trust: 0.3

vendor:ntpmodel:p74scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p153scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p150scope:eqversion:4.2.5

Trust: 0.3

vendor:ntpmodel:p8scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p7scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p6scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p5scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.4

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.2

Trust: 0.3

vendor:ntpmodel:p1scope:eqversion:4.2.2

Trust: 0.3

vendor:ntpmodel:4.2.8p9scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p8scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p7scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p6scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p5scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p4scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p3scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p2scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p10scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.8p1scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p385scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p366scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p22scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p111scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.7p11scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.5p3scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.5p203scope: - version: -

Trust: 0.3

vendor:ntpmodel:4.2.5p186scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.4.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.50

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:ntpmodel:4.2.8p11scope:neversion: -

Trust: 0.3

sources: BID: 103192 // JVNDB: JVNDB-2018-002749 // CNNVD: CNNVD-201803-142 // NVD: CVE-2018-7184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7184
value: HIGH

Trust: 1.0

NVD: CVE-2018-7184
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-142
value: HIGH

Trust: 0.6

VULHUB: VHN-137216
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7184
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-137216
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7184
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137216 // JVNDB: JVNDB-2018-002749 // CNNVD: CNNVD-201803-142 // NVD: CVE-2018-7184

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-137216 // JVNDB: JVNDB-2018-002749 // NVD: CVE-2018-7184

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 148455 // PACKETSTORM: 147917 // CNNVD: CNNVD-201803-142

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201803-142

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002749

PATCH

title:NTP Bug 3453url:http://support.ntp.org/bin/view/Main/NtpBug3453

Trust: 0.8

title:Top Pageurl:http://www.slackware.com/

Trust: 0.8

title:Synology-SA-18:13url:https://www.synology.com/support/security/Synology_SA_18_13

Trust: 0.8

title:NTP ntpd Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78916

Trust: 0.6

sources: JVNDB: JVNDB-2018-002749 // CNNVD: CNNVD-201803-142

EXTERNAL IDS

db:NVDid:CVE-2018-7184

Trust: 3.1

db:BIDid:103192

Trust: 2.0

db:PACKETSTORMid:146631

Trust: 1.8

db:JVNDBid:JVNDB-2018-002749

Trust: 0.8

db:CNNVDid:CNNVD-201803-142

Trust: 0.7

db:VULHUBid:VHN-137216

Trust: 0.1

db:PACKETSTORMid:148455

Trust: 0.1

db:PACKETSTORMid:147917

Trust: 0.1

sources: VULHUB: VHN-137216 // BID: 103192 // JVNDB: JVNDB-2018-002749 // PACKETSTORM: 148455 // PACKETSTORM: 147917 // PACKETSTORM: 146631 // CNNVD: CNNVD-201803-142 // NVD: CVE-2018-7184

REFERENCES

url:http://www.securityfocus.com/bid/103192

Trust: 2.3

url:http://packetstormsecurity.com/files/146631/slackware-security-advisory-ntp-updates.html

Trust: 2.3

url:http://support.ntp.org/bin/view/main/ntpbug3453

Trust: 2.0

url:https://security.gentoo.org/glsa/201805-12

Trust: 1.8

url:http://www.securityfocus.com/archive/1/541824/100/0/threaded

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20180626-0001/

Trust: 1.7

url:https://www.synology.com/support/security/synology_sa_18_13

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-18:02.ntp.asc

Trust: 1.7

url:https://usn.ubuntu.com/3707-1/

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03962en_us

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-7184

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184

Trust: 0.9

url:http://www.ntp.org/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1550218

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-7184

Trust: 0.3

url:https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-7185

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-7182

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-7183

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-7170

Trust: 0.2

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&amp;docid=emr_na-hpesbux03962en_us

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3707-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1549

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170

Trust: 0.1

url:http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s

Trust: 0.1

sources: VULHUB: VHN-137216 // BID: 103192 // JVNDB: JVNDB-2018-002749 // PACKETSTORM: 148455 // PACKETSTORM: 147917 // PACKETSTORM: 146631 // CNNVD: CNNVD-201803-142 // NVD: CVE-2018-7184

CREDITS

unknown

Trust: 0.3

sources: BID: 103192

SOURCES

db:VULHUBid:VHN-137216
db:BIDid:103192
db:JVNDBid:JVNDB-2018-002749
db:PACKETSTORMid:148455
db:PACKETSTORMid:147917
db:PACKETSTORMid:146631
db:CNNVDid:CNNVD-201803-142
db:NVDid:CVE-2018-7184

LAST UPDATE DATE

2024-08-14T12:04:36.581000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-137216date:2020-08-24T00:00:00
db:BIDid:103192date:2018-08-15T10:00:00
db:JVNDBid:JVNDB-2018-002749date:2018-04-27T00:00:00
db:CNNVDid:CNNVD-201803-142date:2020-10-22T00:00:00
db:NVDid:CVE-2018-7184date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:VULHUBid:VHN-137216date:2018-03-06T00:00:00
db:BIDid:103192date:2018-02-27T00:00:00
db:JVNDBid:JVNDB-2018-002749date:2018-04-27T00:00:00
db:PACKETSTORMid:148455date:2018-07-09T23:38:43
db:PACKETSTORMid:147917date:2018-05-26T22:55:24
db:PACKETSTORMid:146631date:2018-03-01T23:35:00
db:CNNVDid:CNNVD-201803-142date:2018-03-07T00:00:00
db:NVDid:CVE-2018-7184date:2018-03-06T20:29:01.437