CVE-2018-7185

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the other side of an interleaved association causing the victim ntpd to reset its association.

Affected Software

Name	Vendor	Start Version	End Version
Ntp	Ntp	4.2.6 (including)	4.2.8 (excluding)
Ntp	Ntp	4.2.8 (including)	4.2.8 (including)
Ntp	Ntp	4.2.8-p1 (including)	4.2.8-p1 (including)
Ntp	Ntp	4.2.8-p1-beta1 (including)	4.2.8-p1-beta1 (including)
Ntp	Ntp	4.2.8-p1-beta2 (including)	4.2.8-p1-beta2 (including)
Ntp	Ntp	4.2.8-p1-beta3 (including)	4.2.8-p1-beta3 (including)
Ntp	Ntp	4.2.8-p1-beta4 (including)	4.2.8-p1-beta4 (including)
Ntp	Ntp	4.2.8-p1-beta5 (including)	4.2.8-p1-beta5 (including)
Ntp	Ntp	4.2.8-p1-rc1 (including)	4.2.8-p1-rc1 (including)
Ntp	Ntp	4.2.8-p1-rc2 (including)	4.2.8-p1-rc2 (including)
Ntp	Ntp	4.2.8-p10 (including)	4.2.8-p10 (including)
Ntp	Ntp	4.2.8-p2 (including)	4.2.8-p2 (including)
Ntp	Ntp	4.2.8-p2-rc1 (including)	4.2.8-p2-rc1 (including)
Ntp	Ntp	4.2.8-p2-rc2 (including)	4.2.8-p2-rc2 (including)
Ntp	Ntp	4.2.8-p2-rc3 (including)	4.2.8-p2-rc3 (including)
Ntp	Ntp	4.2.8-p3 (including)	4.2.8-p3 (including)
Ntp	Ntp	4.2.8-p3-rc1 (including)	4.2.8-p3-rc1 (including)
Ntp	Ntp	4.2.8-p3-rc2 (including)	4.2.8-p3-rc2 (including)
Ntp	Ntp	4.2.8-p3-rc3 (including)	4.2.8-p3-rc3 (including)
Ntp	Ntp	4.2.8-p4 (including)	4.2.8-p4 (including)
Ntp	Ntp	4.2.8-p5 (including)	4.2.8-p5 (including)
Ntp	Ntp	4.2.8-p6 (including)	4.2.8-p6 (including)
Ntp	Ntp	4.2.8-p7 (including)	4.2.8-p7 (including)
Ntp	Ntp	4.2.8-p8 (including)	4.2.8-p8 (including)
Ntp	Ntp	4.2.8-p9 (including)	4.2.8-p9 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-7185
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References