7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.967 High
EPSS
Percentile
99.7%
Issue Overview:
2023-10-25: CVE-2013-5211 was added to this advisory.
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. (CVE-2013-5211)
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim’s clock. (CVE-2016-1549)
A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim’s clock. (CVE-2018-7170)
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. (CVE-2018-7182)
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. (CVE-2018-7183)
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the “received” timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. (CVE-2018-7184)
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the “other side” of an interleaved association causing the victim ntpd to reset its association. (CVE-2018-7185)
Affected Packages:
ntp
Issue Correction:
Run yum update ntp to update your system.
New Packages:
i686:
ntpdate-4.2.8p11-1.37.amzn1.i686
ntp-4.2.8p11-1.37.amzn1.i686
ntp-debuginfo-4.2.8p11-1.37.amzn1.i686
noarch:
ntp-doc-4.2.8p11-1.37.amzn1.noarch
ntp-perl-4.2.8p11-1.37.amzn1.noarch
src:
ntp-4.2.8p11-1.37.amzn1.src
x86_64:
ntpdate-4.2.8p11-1.37.amzn1.x86_64
ntp-4.2.8p11-1.37.amzn1.x86_64
ntp-debuginfo-4.2.8p11-1.37.amzn1.x86_64
Red Hat: CVE-2013-5211, CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185
Mitre: CVE-2013-5211, CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | ntpdate | < 4.2.8p11-1.37.amzn1 | ntpdate-4.2.8p11-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | ntp | < 4.2.8p11-1.37.amzn1 | ntp-4.2.8p11-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | ntp-debuginfo | < 4.2.8p11-1.37.amzn1 | ntp-debuginfo-4.2.8p11-1.37.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | ntp-doc | < 4.2.8p11-1.37.amzn1 | ntp-doc-4.2.8p11-1.37.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | ntp-perl | < 4.2.8p11-1.37.amzn1 | ntp-perl-4.2.8p11-1.37.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | ntpdate | < 4.2.8p11-1.37.amzn1 | ntpdate-4.2.8p11-1.37.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | ntp | < 4.2.8p11-1.37.amzn1 | ntp-4.2.8p11-1.37.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | ntp-debuginfo | < 4.2.8p11-1.37.amzn1 | ntp-debuginfo-4.2.8p11-1.37.amzn1.x86_64.rpm |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.967 High
EPSS
Percentile
99.7%