CVE-2018-7170
06.03.2018, 20:29
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ntp | ntp | 4.2.0 ≤ 𝑥 < 4.2.8 |
| ntp | ntp | 4.3.0 ≤ 𝑥 < 4.3.92 |
| ntp | ntp | 4.2.8 |
| ntp | ntp | 4.2.8:p1 |
| ntp | ntp | 4.2.8:p1-beta1 |
| ntp | ntp | 4.2.8:p1-beta2 |
| ntp | ntp | 4.2.8:p1-beta3 |
| ntp | ntp | 4.2.8:p1-beta4 |
| ntp | ntp | 4.2.8:p1-beta5 |
| ntp | ntp | 4.2.8:p1-rc1 |
| ntp | ntp | 4.2.8:p1-rc2 |
| ntp | ntp | 4.2.8:p2 |
| ntp | ntp | 4.2.8:p2-rc1 |
| ntp | ntp | 4.2.8:p2-rc2 |
| ntp | ntp | 4.2.8:p2-rc3 |
| ntp | ntp | 4.2.8:p3 |
| ntp | ntp | 4.2.8:p3-rc1 |
| ntp | ntp | 4.2.8:p3-rc2 |
| ntp | ntp | 4.2.8:p3-rc3 |
| ntp | ntp | 4.2.8:p4 |
| ntp | ntp | 4.2.8:p5 |
| ntp | ntp | 4.2.8:p6 |
| synology | router_manager | 1.1 ≤ 𝑥 < 1.1.6-6931-3 |
| synology | skynas | 𝑥 < 6.1.5-15254 |
| synology | virtual_diskstation_manager | 𝑥 < 6.1.6-15266 |
| synology | diskstation_manager | 5.2 ≤ 𝑥 < 6.1.6-15266 |
| synology | vs960hd_firmware | 𝑥 < 2.2.3-1505 |
| netapp | hci | - |
| netapp | solidfire | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ntp |
|
References