vulnerability
FreeBSD: VID-af485ef4-1c58-11e8-8477-d05099c0ae8c (CVE-2018-7170): ntp -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Feb 28, 2018 | May 6, 2018 | Dec 10, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Feb 28, 2018
Added
May 6, 2018
Modified
Dec 10, 2025
Description
Network Time Foundation reports: The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association one security issue in ntpq: MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit and provides over 33 bugfixes and 32 other improvements.
Solutions
freebsd-upgrade-base-11_1-release-p7freebsd-upgrade-base-10_4-release-p6freebsd-upgrade-base-10_3-release-p27freebsd-upgrade-package-ntpfreebsd-upgrade-package-ntp-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.