Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-8956

Опубликовано: 06 мая 2020
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

Отчет

As per the researcher this issue only affects NTP versions 4.2.8p10 through 4.2.8p13, which are not shipped with any Red Hat products, therefore they are not affected by this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ntpNot affected
Red Hat Enterprise Linux 6ntpNot affected
Red Hat Enterprise Linux 7ntpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1848589ntp: ntpd allows remote attackers to prevent a broadcast client from synchronizing its clock

EPSS

Процентиль: 79%
0.01306
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-8956

CVSS3: 5.3
ubuntu
больше 5 лет назад

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

nvd логотип

CVE-2018-8956

CVSS3: 5.3
nvd
больше 5 лет назад

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

debian логотип

CVE-2018-8956

CVSS3: 5.3
debian
больше 5 лет назад

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...

github логотип

GHSA-gg7p-jc5w-p68m

github
больше 3 лет назад

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

fstec логотип

BDU:2025-03331

CVSS3: 5.3
fstec
больше 5 лет назад

Уязвимость демона ntpd реализации протокола синхронизации времени NTP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 79%
0.01306
Низкий

5.3 Medium

CVSS3