CVE-2018-7184
NONE EPSS 94.6%
Published Mar 6, 20188y ago · Modified Jun 17, 20262w ago
Published Mar 6, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Threat Intelligence
EPSS Exploit Probability
94.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 23
| Vendor | Product | Version | Range |
|---|---|---|---|
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| synology | router_manager | 1.1 | any |
| synology | skynas | * | any |
| synology | virtual_diskstation_manager | * | any |
| synology | diskstation_manager | 5.2 | any |
| synology | diskstation_manager | 6.0 | any |
| synology | diskstation_manager | 6.1 | any |
| synology | vs960hd_firmware | * | any |
| slackware | slackware_linux | 14.0 | any |
| slackware | slackware_linux | 14.1 | any |
| slackware | slackware_linux | 14.2 | any |
| canonical | ubuntu_linux | 14.04 | any |
| canonical | ubuntu_linux | 16.04 | any |
| canonical | ubuntu_linux | 17.10 | any |
| canonical | ubuntu_linux | 18.04 | any |
| netapp | cloud_backup | * | any |
| netapp | steelstore_cloud_integrated_storage | * | any |
References 10
- packetstormsecurity.com http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
- support.ntp.org http://support.ntp.org/bin/view/Main/NtpBug3453
- securityfocus.com http://www.securityfocus.com/archive/1/541824/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/103192
- security.freebsd.org https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
- security.gentoo.org https://security.gentoo.org/glsa/201805-12
- security.netapp.com https://security.netapp.com/advisory/ntap-20180626-0001/
- support.hpe.com https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- usn.ubuntu.com https://usn.ubuntu.com/3707-1/
- synology.com https://www.synology.com/support/security/Synology_SA_18_13
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.