CVE-2018-7183
Publication date 8 March 2018
Last updated 24 July 2024
Ubuntu priority
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ntp | ||
| 18.04 LTS bionic |
Fixed 1:4.2.8p10+dfsg-5ubuntu7.1
|
|
| 16.04 LTS xenial |
Fixed 1:4.2.8p4+dfsg-3ubuntu5.9
|
|
| 14.04 LTS trusty |
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
|
Patch details
| Package | Patch details |
|---|---|
| ntp |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3707-1
- NTP vulnerabilities
- 9 July 2018
- USN-3707-2
- NTP vulnerabilities
- 23 January 2019