Wind River Support Network

HomeDefectsLIN9-6474
Fixed

LIN9-6474 : Security Advisory - ntp - CVE-2018-7184

Created: Feb 27, 2018    Updated: Dec 3, 2018
Resolved Date: May 6, 2018
Found In Version: 9.0.0.14
Fix Version: 9.0.0.16
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another. Specifically, it drops bad packets before updating the "received" timestamp. This means a third-party can inject a packet with a zero-origin timestamp, meaning the sender wants to reset the association, and the transmit timestamp in this bogus packet will be saved as the most recent "received" timestamp. The real remote peer does not know this value and this will disrupt the association until the association resets.

https://nvd.nist.gov/vuln/detail/CVE-2018-7184  

Other Downloads


CVEs


Live chat
Online