{"id":"USN-3707-1","summary":"ntp vulnerabilities","details":"Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6\npackets. A remote attacker could possibly use this issue to cause ntpd to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)\n\nMichael Macnair discovered that NTP incorrectly handled certain responses.\nA remote attacker could possibly use this issue to execute arbitrary code.\n(CVE-2018-7183)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain\nzero-origin timestamps. A remote attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu\n18.04 LTS. (CVE-2018-7184)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain\nzero-origin timestamps. A remote attacker could possibly use this issue to\ncause a denial of service. (CVE-2018-7185)\n","modified":"2026-02-10T04:41:23Z","published":"2018-07-09T16:48:16Z","related":["UBUNTU-CVE-2018-7182","UBUNTU-CVE-2018-7183","UBUNTU-CVE-2018-7184","UBUNTU-CVE-2018-7185"],"upstream":["CVE-2018-7182","CVE-2018-7183","CVE-2018-7184","CVE-2018-7185","UBUNTU-CVE-2018-7182","UBUNTU-CVE-2018-7183","UBUNTU-CVE-2018-7184","UBUNTU-CVE-2018-7185"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3707-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7182"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7183"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7184"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7185"}],"affected":[{"package":{"name":"ntp","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/ntp@1:4.2.6.p5+dfsg-3ubuntu2.14.04.13?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2.6.p5+dfsg-3ubuntu2.14.04.13"}]}],"versions":["1:4.2.6.p5+dfsg-3ubuntu2","1:4.2.6.p5+dfsg-3ubuntu2.14.04.1","1:4.2.6.p5+dfsg-3ubuntu2.14.04.2","1:4.2.6.p5+dfsg-3ubuntu2.14.04.3","1:4.2.6.p5+dfsg-3ubuntu2.14.04.5","1:4.2.6.p5+dfsg-3ubuntu2.14.04.6","1:4.2.6.p5+dfsg-3ubuntu2.14.04.7","1:4.2.6.p5+dfsg-3ubuntu2.14.04.8","1:4.2.6.p5+dfsg-3ubuntu2.14.04.10","1:4.2.6.p5+dfsg-3ubuntu2.14.04.11","1:4.2.6.p5+dfsg-3ubuntu2.14.04.12"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"ntp","binary_version":"1:4.2.6.p5+dfsg-3ubuntu2.14.04.13"},{"binary_name":"ntpdate","binary_version":"1:4.2.6.p5+dfsg-3ubuntu2.14.04.13"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-7183"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2018-7185"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3707-1.json"}},{"package":{"name":"ntp","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ntp@1:4.2.8p4+dfsg-3ubuntu5.9?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2.8p4+dfsg-3ubuntu5.9"}]}],"versions":["1:4.2.6.p5+dfsg-3ubuntu8","1:4.2.6.p5+dfsg-3ubuntu8.1","1:4.2.6.p5+dfsg-3ubuntu9","1:4.2.8p4+dfsg-3ubuntu1","1:4.2.8p4+dfsg-3ubuntu2","1:4.2.8p4+dfsg-3ubuntu3","1:4.2.8p4+dfsg-3ubuntu4","1:4.2.8p4+dfsg-3ubuntu5","1:4.2.8p4+dfsg-3ubuntu5.1","1:4.2.8p4+dfsg-3ubuntu5.2","1:4.2.8p4+dfsg-3ubuntu5.3","1:4.2.8p4+dfsg-3ubuntu5.4","1:4.2.8p4+dfsg-3ubuntu5.5","1:4.2.8p4+dfsg-3ubuntu5.6","1:4.2.8p4+dfsg-3ubuntu5.7","1:4.2.8p4+dfsg-3ubuntu5.8"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"ntp","binary_version":"1:4.2.8p4+dfsg-3ubuntu5.9"},{"binary_name":"ntpdate","binary_version":"1:4.2.8p4+dfsg-3ubuntu5.9"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-7183"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2018-7185"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3707-1.json"}},{"package":{"name":"ntp","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ntp@1:4.2.8p10+dfsg-5ubuntu7.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2.8p10+dfsg-5ubuntu7.1"}]}],"versions":["1:4.2.8p10+dfsg-5ubuntu3","1:4.2.8p10+dfsg-5ubuntu4","1:4.2.8p10+dfsg-5ubuntu5","1:4.2.8p10+dfsg-5ubuntu6","1:4.2.8p10+dfsg-5ubuntu7"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"ntp","binary_version":"1:4.2.8p10+dfsg-5ubuntu7.1"},{"binary_name":"ntpdate","binary_version":"1:4.2.8p10+dfsg-5ubuntu7.1"},{"binary_name":"sntp","binary_version":"1:4.2.8p10+dfsg-5ubuntu7.1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-7182"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-7183"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2018-7184"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2018-7185"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3707-1.json"}}],"schema_version":"1.7.3"}