Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-7170

Опубликовано: 27 фев. 2018
Источник: redhat
CVSS3: 3.1
EPSS Низкий

Описание

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ntpWill not fix
Red Hat Enterprise Linux 6ntpWill not fix
Red Hat Enterprise Linux 7ntpWill not fix
Red Hat Enterprise Linux 8ntpFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1550214ntp: Ephemeral association time spoofing additional protection

EPSS

Процентиль: 67%
0.00536
Низкий

3.1 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-7170

CVSS3: 5.3
ubuntu
почти 8 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

nvd логотип

CVE-2018-7170

CVSS3: 5.3
nvd
почти 8 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

debian логотип

CVE-2018-7170

CVSS3: 5.3
debian
почти 8 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authen ...

github логотип

GHSA-v9cv-3r4j-cx4j

CVSS3: 5.3
github
больше 3 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

fstec логотип

BDU:2019-00217

CVSS3: 4.3
fstec
почти 8 лет назад

Уязвимость демона ntpd реализации протокола синхронизации времени NTP, связанная с ошибками управления ключами, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 67%
0.00536
Низкий

3.1 Low

CVSS3