#VU29542 Input validation error in ntp - CVE-2018-8956

Cybersecurity Help s.r.o.

Published: 2020-07-07

Vulnerability identifier: #VU29542

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-8956

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ntp
Server applications / Other server solutions

Vendor: ntp.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing NTP packets. A remote attacker that controls a slave server or is part of the same broadcast can prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ntp: 4.2.8p10 - 4.2.8p13

External links
https://www.ntp.org/
https://arxiv.org/abs/2005.01783
https://nikhiltripathi.in/NTP_attack.pdf
https://security.netapp.com/advisory/ntap-20200518-0006/
https://tools.ietf.org/html/rfc5905

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for ntp

Multiple vulnerabilities in ntpd