Wind River Support Network

HomeDefectsLIN8-8805
Fixed

LIN8-8805 : Security Advisory - ntp - CVE-2018-7184

Created: Feb 27, 2018    Updated: Apr 22, 2022
Resolved Date: May 9, 2018
Found In Version: 8.0.0.24
Fix Version: 8.0.0.26
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another. Specifically, it drops bad packets before updating the "received" timestamp. This means a third-party can inject a packet with a zero-origin timestamp, meaning the sender wants to reset the association, and the transmit timestamp in this bogus packet will be saved as the most recent "received" timestamp. The real remote peer does not know this value and this will disrupt the association until the association resets.

https://nvd.nist.gov/vuln/detail/CVE-2018-7184  

Other Downloads


CVEs


Live chat
Online