Broadcast Client Clock Synchronization Vulnerability in ntpd 4.2.8p10-4.2.8p13

Broadcast Client Clock Synchronization Vulnerability in ntpd 4.2.8p10-4.2.8p13

CVE-2018-8956 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

Learn more about our Cis Benchmark Audit For Server Software.