Wind River Support Network

HomeDefectsLIN7-9546
Fixed

LIN7-9546 : Security Advisory - ntp - CVE-2018-7184

Created: Feb 27, 2018    Updated: Sep 13, 2018
Resolved Date: Apr 25, 2018
Found In Version: 7.0.0.27
Fix Version: 7.0.0.29
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another. Specifically, it drops bad packets before updating the "received" timestamp. This means a third-party can inject a packet with a zero-origin timestamp, meaning the sender wants to reset the association, and the transmit timestamp in this bogus packet will be saved as the most recent "received" timestamp. The real remote peer does not know this value and this will disrupt the association until the association resets.

https://nvd.nist.gov/vuln/detail/CVE-2018-7184  

Other Downloads


CVEs


Live chat
Online