CVE-2018-7170

Published: 06/03/2018 Updated: 18/06/2020
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

ntpd in ntp 4.2.x prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

Vulnerable Product

ntp ntp 4.2.8

ntp ntp

synology diskstation manager

synology router manager

synology skynas

synology virtual diskstation manager

synology vs960hd firmware

netapp hci -

netapp solidfire -

hpe hpux-ntp

Vendor Advisories

ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549 (CVE-2018-7170). The ntpq and ntpdc command-line ...
Ephemeral association time spoofing additional protection: ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an ...
A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock ...
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time, a malicious authenticated peer -- i.e. one where the attacker knows the private symmetric key -- can create arbitrar ...