PT-2018-2208 · Ntp+5 · Ntpd+5

Michael Macnair

Published

2018-03-04

Updated

2024-06-15

CVE-2018-7183

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ntpd versions 4.2.8p6 through 4.2.8p10

Description The issue is caused by a buffer overflow in the decodearr function in ntpq, which is part of the NTP protocol implementation. This allows a remote attacker to execute arbitrary code by sending a response with a crafted array to an ntpq query. Additionally, there is a risk of Sybil attacks from authenticated peers, where an attacker could create multiple ephemeral associations to win the clock selection of ntpd and modify a victim's clock.

Recommendations For versions 4.2.8p6 through 4.2.8p10, consider disabling the decodearr function in ntpq as a temporary workaround until a patch is available. Restrict access to ntpd to minimize the risk of exploitation. Avoid using ntpq queries that could be used to send crafted arrays until the issue is resolved.

Fix

RCE

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2018-1361

BDU:2019-00216

CVE-2018-7183

MGASA-2018-0195

OPENSUSE-SU-2024:11102-1

SUSE-SU-2018:0808-1

SUSE-SU-2018:0956-1

SUSE-SU-2018:1464-1

SUSE-SU-2018:1765-1

SUSE-SU-2018:1765-2

USN-3707-1

USN-3707-2

Affected Products

Alt Linux

Freebsd

Ibm Aix

Suse

Ubuntu

Ntpd

PT-2018-2208 · Ntp+5 · Ntpd+5

CVE-2018-7183

Weakness Enumeration

Related Identifiers

Affected Products

References · 74