AVG-647 log

Package ntp
Status Fixed
Severity High
Type multiple issues
Affected 4.2.8.p10-1
Fixed 4.2.8.p11-1
Current 4.2.8.p17-1 [extra]
Ticket None
Created Sun Mar 4 10:33:09 2018
Issue Severity Remote Type Description
CVE-2018-7185 Medium Yes Denial of service
The NTP Protocol allows for both non-authenticated and authenticated associations, in client/server, symmetric (peer), and several broadcast modes. In...
CVE-2018-7184 Medium Yes Denial of service
The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another. Specifically, it drops bad packets before updating the "received"...
CVE-2018-7183 High Yes Arbitrary code execution
ntpq is a monitoring and control program for ntpd. decodearr() is an internal function of ntpq that is used to -- wait for it -- decode an array in a...
CVE-2018-7182 Medium Yes Denial of service
ctl_getitem() is used by ntpd to process incoming mode 6 packets. A malicious mode 6 packet can be sent to an ntpd instance, and if the ntpd instance is...
CVE-2018-7170 High Yes Content spoofing
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an...
CVE-2016-1549 Medium Yes Content spoofing
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and...
Date Advisory Package Type
16 Mar 2018 ASA-201803-11 ntp multiple issues