Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-7170

Опубликовано: 06 мар. 2018
Источник: ubuntu
Приоритет: low
CVSS2: 3.5
CVSS3: 5.3

Описание

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needed
cosmic

released

1:4.2.8p11+dfsg-1ubuntu1
devel

DNE

disco

released

1:4.2.8p11+dfsg-1ubuntu1
eoan

released

1:4.2.8p11+dfsg-1ubuntu1
esm-apps/bionic

needed

esm-apps/focal

released

1:4.2.8p11+dfsg-1ubuntu1
esm-apps/jammy

released

1:4.2.8p11+dfsg-1ubuntu1
esm-infra-legacy/trusty

needed

Показывать по

Ссылки на источники

3.5 Low

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-7170

CVSS3: 3.1
redhat
почти 8 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

nvd логотип

CVE-2018-7170

CVSS3: 5.3
nvd
почти 8 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

debian логотип

CVE-2018-7170

CVSS3: 5.3
debian
почти 8 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authen ...

github логотип

GHSA-v9cv-3r4j-cx4j

CVSS3: 5.3
github
больше 3 лет назад

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

fstec логотип

BDU:2019-00217

CVSS3: 4.3
fstec
почти 8 лет назад

Уязвимость демона ntpd реализации протокола синхронизации времени NTP, связанная с ошибками управления ключами, позволяющая нарушителю оказать воздействие на целостность данных

3.5 Low

CVSS2

5.3 Medium

CVSS3