CVE-2018-8956

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*

History

No history.

Information

Published : 2020-05-06 19:15

Updated : 2024-02-04 21:00


NVD link : CVE-2018-8956

Mitre link : CVE-2018-8956

CVE.ORG link : CVE-2018-8956


JSON object : View

Products Affected

ntp

  • ntp
CWE
CWE-20

Improper Input Validation