| CVE-2018-7185 |
Medium |
Yes |
Denial of service |
The NTP Protocol allows for both non-authenticated and authenticated associations, in client/server, symmetric (peer), and several broadcast modes. In... |
| CVE-2018-7184 |
Medium |
Yes |
Denial of service |
The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another. Specifically, it drops bad packets before updating the "received"... |
| CVE-2018-7183 |
High |
Yes |
Arbitrary code execution |
ntpq is a monitoring and control program for ntpd. decodearr() is an internal function of ntpq that is used to -- wait for it -- decode an array in a... |
| CVE-2018-7182 |
Medium |
Yes |
Denial of service |
ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is... |
| CVE-2018-7170 |
High |
Yes |
Content spoofing |
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an... |
| CVE-2016-1549 |
Medium |
Yes |
Content spoofing |
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and... |