PT-2020-8985 · Ntp+4

Published: 2019-05-30 · Updated: 2025-02-13 · CVE-2018-8956

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ntp versions 4.2.8p10 through 4.2.8p13

Description

The issue allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

Recommendations

For ntp versions 4.2.8p10 through 4.2.8p13, consider restricting access to the broadcast network to minimize the risk of exploitation. As a temporary workaround, restrict the use of spoofed mode 3 and mode 5 packets until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Memory Leak

Use of Insufficiently Random Values

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1552
ALT-PU-2020-1678
BDU:2020-03219
BDU:2020-03220
BDU:2024-07287
BDU:2025-03331
CVE-2018-8956
OPENSUSE-SU-2020:0934-1
OPENSUSE-SU-2020:1007-1
OPENSUSE-SU-2020_0934-1
OPENSUSE-SU-2020_1007-1
OPENSUSE-SU-2024:11102-1
SUSE-SU-2020:14415-1
SUSE-SU-2020:1805-1
SUSE-SU-2020:1823-1
SUSE-SU-2020_14415-1
SUSE-SU-2020_1805-1
SUSE-SU-2020_1823-1

Affected Products

Alt Linux
Astra Linux
Red Os
Suse
Ntp