CVE-2018-7170
published 2018-03-06CVE-2018-7170: ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral…
PriorityP429medium5.3CVSS 3.1
AVNACHPRLUINSUCNIHAN
EPSS
2.76%
84.4th percentile
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ntp | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| debian | ntpsec | < ntp 1:4.2.8p11+dfsg-1 (bullseye) | ntp 1:4.2.8p11+dfsg-1 (bullseye) |
| hpe | hpux-ntp | < c.4.2.8.4.0 | c.4.2.8.4.0 |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | >= 0 < 1:4.2.8p11+dfsg-1 | 1:4.2.8p11+dfsg-1 |
| ntp | ntp | >= 4.2.0 < 4.2.8 | 4.2.8 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v9cv-3r4j-cx4j: ntpd in ntp 4
ghsa_unreviewed·2022-05-13·CVSS 6.5
CVE-2018-7170 [MEDIUM] GHSA-v9cv-3r4j-cx4j: ntpd in ntp 4
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
OSV
CVE-2018-7170: ntpd in ntp 4
osv·2018-03-06·CVSS 6.5
CVE-2018-7170 [MEDIUM] CVE-2018-7170: ntpd in ntp 4
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
BSD
FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
bsd_advisories·2018-03-07·CVSS 5.3
CVE-2017-7183 [MEDIUM] FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp
FreeBSD-SA-18:02.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2018-03-07
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2018-02-28 09:01:03 UTC (stable/11, 11.1-STABLE)
2018-03-07 05:58:24 UTC (releng/11.1, 11.1-RELEASE-p7)
2018-03-01 04:06:49 UTC (stable/10, 10.4-STABLE)
2018-03-07 05:58:24 UTC (releng/10.4, 10.4-RELEASE-p6)
2018-03-07 05:58:24 UTC (releng/10.3, 10.3-RELEASE-p27)
CVE Name: CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185,
CVE-2018-7183
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The ntpd(8) daemon is an i
Red Hat
ntp: Ephemeral association time spoofing additional protection
vendor_redhat·2018-02-27·CVSS 6.5
CVE-2018-7170 [MEDIUM] ntp: Ephemeral association time spoofing additional protection
ntp: Ephemeral association time spoofing additional protection
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock.
Package: ntp (Red Hat Enterprise Linux 5) - Will not fix
Package: ntp (Red Hat Enterprise Linux 6) - Will not fix
Package: ntp (Red Hat Enterpr
Debian
CVE-2018-7170: ntp - ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated us...
vendor_debian·2018·CVSS 6.5
CVE-2018-7170 [MEDIUM] CVE-2018-7170: ntp - ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated us...
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
Scope: local
bullseye: resolved (fixed in 1:4.2.8p11+dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
bugzilla·2018-02-28·CVSS 5.3
CVE-2018-7170 [MEDIUM] CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection
bugzilla·2018-02-28·CVSS 6.5
CVE-2018-7170 [MEDIUM] CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection
CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time, a malicious authenticated peer -- i.e. one where the attacker knows the private symmetric key -- can create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock.
Ps.: This is possibly a incomplete fix for CVE-2016-1549.
References:
http://support.ntp.org/bin/view/Main/NtpBug3415
Discussion:
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1550228]
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3415http://www.securityfocus.com/archive/1/541824/100/0/threadedhttp://www.securityfocus.com/bid/103194https://bugzilla.redhat.com/show_bug.cgi?id=1550214https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttps://security.gentoo.org/glsa/201805-12https://security.netapp.com/advisory/ntap-20180626-0001/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://www.synology.com/support/security/Synology_SA_18_13http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.htmlhttp://support.ntp.org/bin/view/Main/NtpBug3415http://www.securityfocus.com/archive/1/541824/100/0/threadedhttp://www.securityfocus.com/bid/103194https://bugzilla.redhat.com/show_bug.cgi?id=1550214https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.aschttps://security.gentoo.org/glsa/201805-12https://security.netapp.com/advisory/ntap-20180626-0001/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_ushttps://www.synology.com/support/security/Synology_SA_18_13
2018-03-06
Published