CVE-2018-7185

Public on 2018-05-10
Modified on 2018-05-10
Description
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
Severity
Low
CVSS v3 Base Score
3.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ntp 2018-05-10 17:01 ALAS-2018-1009

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H