Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

Related bugs and status

CVE-2018-7170 (Candidate) is related to these bugs:

Bug #1773921: merge ntp 1:4.2.8p11+dfsg-1 for cosmic

Summary				In	Importance	Status
	1773921	merge ntp 1:4.2.8p11+dfsg-1 for cosmic		ntp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://packetstormsecu...
MISC: https://bugzilla.redha...
CONFIRM: http://support.ntp.org...
BID: 103194
FREEBSD: FreeBSD-SA-18:02
CONFIRM: https://www.synology.c...
CONFIRM: https://security.netap...
BUGTRAQ: 20180301 [Newsletter/M...
GENTOO: GLSA-201805-12
CONFIRM: https://support.hpe.co...