Vulnerability Description
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. The attacker must either be part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | 4.2.8 |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
- http://www.ntp.org/ (Vendor Advisory)
- https://arxiv.org/abs/2005.01783 (Third Party Advisory)
- https://nikhiltripathi.in/NTP_attack.pdf (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20200518-0006/
- https://tools.ietf.org/html/rfc5905 (Third Party Advisory)
FAQ
What is CVE-2018-8956?
CVE-2018-8956 is a vulnerability with a CVSS score of 5.3 (MEDIUM). ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets...
How severe is CVE-2018-8956?
CVE-2018-8956 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-8956?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp.