Executive Summary

Informations
NameCVE-2018-7170First vendor Publication2018-03-06
VendorCveLast vendor Modification2019-10-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score3.5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score6.8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application803
Application4
Application1
Hardware1
Hardware1
Os3

Nessus® Vulnerability Scanner

DateDescription
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-e585e25b72.nasl - Type : ACT_GATHER_INFO
2018-09-20Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1083.nasl - Type : ACT_GATHER_INFO
2018-05-29Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201805-12.nasl - Type : ACT_GATHER_INFO
2018-05-11Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1009.nasl - Type : ACT_GATHER_INFO
2018-05-11Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1009.nasl - Type : ACT_GATHER_INFO
2018-03-09Name : The remote NTP server is affected by multiple vulnerabilities.
File : ntp_4_2_8p11.nasl - Type : ACT_GATHER_INFO
2018-03-02Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-060-02.nasl - Type : ACT_GATHER_INFO
2018-02-28Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_af485ef41c5811e88477d05099c0ae8c.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/103194
BUGTRAQ http://www.securityfocus.com/archive/1/541824/100/0/threaded
CONFIRM http://support.ntp.org/bin/view/Main/NtpBug3415
https://security.netapp.com/advisory/ntap-20180626-0001/
https://www.synology.com/support/security/Synology_SA_18_13
FREEBSD https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
GENTOO https://security.gentoo.org/glsa/201805-12
MISC http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-U...
https://bugzilla.redhat.com/show_bug.cgi?id=1550214

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
DateInformations
2019-10-09 17:20:09
  • Multiple Updates
2019-10-03 09:21:27
  • Multiple Updates
2019-06-12 05:19:14
  • Multiple Updates
2019-03-01 00:19:07
  • Multiple Updates
2018-10-21 17:19:44
  • Multiple Updates
2018-10-10 00:20:05
  • Multiple Updates
2018-09-06 17:19:23
  • Multiple Updates
2018-06-28 09:19:12
  • Multiple Updates
2018-03-30 00:19:34
  • Multiple Updates
2018-03-28 12:09:09
  • Multiple Updates
2018-03-08 09:19:58
  • Multiple Updates
2018-03-07 00:20:14
  • First insertion