CVE-2018-7184

Name of the Vulnerable Software and Affected Versions ntp versions 4.2.8p4 through 4.2.8p10

Description The issue is related to errors in processing input data in the ntpd implementation of the NTP protocol. Exploitation of this issue can allow a remote attacker to cause a denial of service by sending specially crafted packets. This can disrupt the service by resetting the association and setting the packet's contents as the most recent timestamp. The problem arises from an incomplete fix for a previous issue. Additionally, the vulnerability can be exploited by creating multiple ephemeral associations to win the clock selection of ntpd, allowing an attacker to modify a victim's clock.

Recommendations For ntp versions 4.2.8p4 through 4.2.8p10, update to version 4.2.8p11 or later to resolve the issue. As a temporary workaround, consider restricting access to the ntpd service to minimize the risk of exploitation.