ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim’s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

References

packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html

support.ntp.org/bin/view/Main/NtpBug3415

www.securityfocus.com/archive/1/541824/100/0/threaded

www.securityfocus.com/bid/103194

bugzilla.redhat.com/show_bug.cgi?id=1550214

security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc

security.gentoo.org/glsa/201805-12

security.netapp.com/advisory/ntap-20180626-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

www.synology.com/support/security/Synology_SA_18_13

nvd 2

prion 2

f5 3

cve 2

nessus 45

debiancve 2

ubuntucve 2

amazon 3

redhatcve 1

openvas 29

slackware 3

seebug 1

cvelist 1

talos 1

archlinux 1

mageia 1

fedora 5

freebsd 2

aix 2

suse 9

ibm 7

gentoo 2

freebsd_advisory 2

symantec 1

cisco 1

arista 1

fortinet 1

cert 1

nvd

CVE-2018-7170

2018-03-06 20:29:01

CVE-2016-1549

2017-01-06 21:59:00

prion

Code injection

2018-03-06 20:29:00

Code injection

2017-01-06 21:59:00

K82570157 : NTP vulnerability CVE-2018-7170

2018-03-19 00:00:00

K65271605 : NTP vulnerability CVE-2016-1549

2016-06-13 00:00:00

SOL65271605 - NTP vulnerability CVE-2016-1549

2016-06-13 00:00:00

cve

CVE-2018-7170

2018-03-06 20:29:01

CVE-2016-1549

2017-01-06 21:59:00

nessus

F5 Networks BIG-IP : NTP vulnerability (K82570157)

2023-11-03 00:00:00

Amazon Linux AMI : ntp (ALAS-2018-1083)

2018-09-20 00:00:00

Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2018-060-02)

2018-03-02 00:00:00

debiancve

CVE-2018-7170

2018-03-06 20:29:01

CVE-2016-1549

2017-01-06 21:59:00

ubuntucve

CVE-2018-7170

2018-03-06 00:00:00

CVE-2016-1549

2017-01-06 00:00:00

amazon

Low: ntp

2018-09-19 17:19:00

Medium: ntp

2018-05-10 17:01:00

Medium: ntp

2018-05-10 17:11:00

redhatcve

CVE-2018-7170

2018-02-28 19:49:37

openvas

Slackware: Security Advisory (SSA:2018-060-02)

2022-04-21 00:00:00

NTP.org 'ntpd' Authenticated Symmetric Passive Peering Remote Vulnerability

2018-03-07 00:00:00

SUSE: Security Advisory (SUSE-SU-2018:0956-1)

2021-04-19 00:00:00

slackware

[slackware-security] ntp

2018-03-01 23:49:07

[slackware-security] ntp

2018-08-17 17:43:28

[slackware-security] ntp

2016-04-29 21:57:25

seebug

Network Time Protocol Ephemeral Association Time Spoofing Vulnerability(CVE-2016-1549)

2017-10-26 00:00:00

cvelist

CVE-2016-1549

2017-01-06 21:00:00

talos

Network Time Protocol Ephemeral Association Time Spoofing Vulnerability

2016-04-26 00:00:00

archlinux

[ASA-201803-11] ntp: multiple issues

2018-03-16 00:00:00

mageia

Updated ntp packages fix security vulnerabilities

2018-04-07 01:54:47

fedora

[SECURITY] Fedora 26 Update: ntp-4.2.8p11-1.fc26

2018-03-27 19:30:28

[SECURITY] Fedora 27 Update: ntp-4.2.8p11-1.fc27

2018-03-27 20:16:30

[SECURITY] Fedora 27 Update: ntp-4.2.8p12-1.fc27

2018-09-26 20:17:54

freebsd

ntp -- multiple vulnerabilities

2018-02-27 00:00:00

ntp -- multiple vulnerabilities

2016-04-26 00:00:00

aix

There are vulnerabilities in NTPv4 that affect AIX.

2018-12-14 12:20:13

Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS

2018-08-14 14:48:57

suse

Security update for ntp (moderate)

2018-10-25 18:10:27

Security update for ntp (moderate)

2018-10-25 18:21:54

Security update for ntp (important)

2016-05-18 14:10:13

ibm

Security Bulletin: Vulnerabilities in NTP affect AIX

2018-08-14 21:30:02

Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170)

2018-12-14 18:25:01

Security Bulletin: Vulnerabilities in NTP affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru

2023-12-07 22:31:02

gentoo

NTP: Multiple vulnerabilities

2018-05-26 00:00:00

NTP: Multiple vulnerabilities

2016-07-20 00:00:00

freebsd_advisory

FreeBSD-SA-18:02.ntp

2018-03-07 00:00:00

FreeBSD-SA-16:16.ntp

2016-04-29 00:00:00

symantec

SA165: NTP Vulnerabilities February 2018

2018-04-26 08:00:00

cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

2016-04-28 09:00:00

arista

Security Advisory 0019

2018-04-25 00:00:00

fortinet

ntp-4.2.8p7 Security Vulnerability Announcement April 2016

2017-04-03 00:00:00

cert

NTP.org ntpd contains multiple vulnerabilities

2016-04-27 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.0%

JSON

Related for CVELIST:CVE-2018-7170