CVE-2018-7170

Published: 06/03/2018 Updated: 18/06/2020
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

ntpd in ntp 4.2.x prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

Vulnerable Product

ntp ntp

ntp ntp 4.2.8

synology diskstation manager

synology router manager

synology skynas

synology virtual diskstation manager

synology vs960hd_firmware

netapp hci -

netapp solidfire -

hpe hpux-ntp

Vendor Advisories

ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. (CVE-2018-7170) The ntpq and ntpdc command-line ...
Ephemeral association time spoofing additional protection: ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an ...
A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock ...
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time, a malicious authenticated peer -- i.e. one where the attacker knows the private symmetric key -- can create arbitrar ...
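
The last advisory excerpt points to the optional 4th field in the ntp.keys file as the control that limits which IPs can serve time with a given key. The following audit sketch is an added example, not code from the advisories or the ntp project; it assumes the 4th field is a comma-separated list of IP addresses, and the function name `audit_ntp_keys` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample file; key material is fake. Layout assumed:
# keyid  type  key  [comma-separated IPs allowed to serve time with this key]
SAMPLE_KEYS = """\
# trusted symmetric keys
1 SHA1 2f6b0c1d9a4e7788aa55cc33ee1100ff99887766
2 SHA1 7c1e5d3a9b0f2244668800aaccee1133557799bb 192.0.2.10,192.0.2.11
3 MD5 constructedSecret 2001:db8::5,not-an-ip
"""

def audit_ntp_keys(text):
    """Map each key id to (status, addresses).

    status is "unrestricted" (no 4th field, so any holder of the key can
    serve time from any address), "restricted" (every entry parses as an
    IP), or "invalid" (addresses holds the entries that failed to parse).
    """
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumes '#' never occurs inside a key
        fields = line.split()
        if len(fields) < 3:
            continue                          # blank, comment or incomplete line
        keyid, hosts = fields[0], fields[3:4]
        if not hosts:
            findings[keyid] = ("unrestricted", [])
            continue
        good, bad = [], []
        for entry in hosts[0].split(","):
            try:
                good.append(str(ipaddress.ip_address(entry)))
            except ValueError:
                bad.append(entry)
        findings[keyid] = ("invalid", bad) if bad else ("restricted", good)
    return findings

if __name__ == "__main__":
    for keyid, (status, addrs) in audit_ntp_keys(SAMPLE_KEYS).items():
        print(keyid, status, ",".join(addrs))
```

Keys reported as unrestricted are the ones the advisory's Sybil scenario applies to on hosts that list them under trustedkey.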