Bug 1550218 (CVE-2018-7184)

Summary: CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: linville, mlichvar, slawomir, xingli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ntp 4.2.8p11 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-21 19:57:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1550228, 1550229    
Bug Blocks: 1550226    

Description Pedro Sampaio 2018-02-28 19:41:17 UTC 
The fix for NtpBug2952 was incomplete, and while it fixed one problem it created another. Specifically, it drops bad packets before updating the "received" timestamp. This means a third-party can inject a packet with a zero-origin timestamp, meaning the sender wants to reset the association, and the transmit timestamp in this bogus packet will be saved as the most recent "received" timestamp. The real remote peer does not know this value and this will disrupt the association until the association resets.

References:

http://support.ntp.org/bin/view/Main/NtpBug3453
Comment 1 Pedro Sampaio 2018-02-28 19:51:20 UTC 
Created ntp tracking bugs for this issue:

Affects: fedora-all [bug 1550228]