CVE-2018-7170
First published: Wed Feb 28 2018(Updated: )
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify which IPs can serve time, a malicious authenticated peer -- i.e. one where the attacker knows the private symmetric key -- can create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock. Ps.: This is possibly a incomplete fix for <a href="https://access.redhat.com/security/cve/CVE-2016-1549">CVE-2016-1549</a>. References: <a href="http://support.ntp.org/bin/view/Main/NtpBug3415">http://support.ntp.org/bin/view/Main/NtpBug3415</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ntp | <4.2.8 | 4.2.8 |
| NTP ntp | >=4.2.0<4.2.8 | |
| NTP ntp | >=4.3.0<4.3.92 | |
| NTP ntp | =4.2.8 | |
| NTP ntp | =4.2.8-p1 | |
| NTP ntp | =4.2.8-p1-beta1 | |
| NTP ntp | =4.2.8-p1-beta2 | |
| NTP ntp | =4.2.8-p1-beta3 | |
| NTP ntp | =4.2.8-p1-beta4 | |
| NTP ntp | =4.2.8-p1-beta5 | |
| NTP ntp | =4.2.8-p1-rc1 | |
| NTP ntp | =4.2.8-p1-rc2 | |
| NTP ntp | =4.2.8-p2 | |
| NTP ntp | =4.2.8-p2-rc1 | |
| NTP ntp | =4.2.8-p2-rc2 | |
| NTP ntp | =4.2.8-p2-rc3 | |
| NTP ntp | =4.2.8-p3 | |
| NTP ntp | =4.2.8-p3-rc1 | |
| NTP ntp | =4.2.8-p3-rc2 | |
| NTP ntp | =4.2.8-p3-rc3 | |
| NTP ntp | =4.2.8-p4 | |
| NTP ntp | =4.2.8-p5 | |
| NTP ntp | =4.2.8-p6 | |
| Synology DiskStation Manager | >=5.2<6.1.6-15266 | |
| Synology Router Manager | >=1.1<1.1.6-6931-3 | |
| Synology Skynas | <6.1.5-15254 | |
| Synology Virtual Diskstation Manager | <6.1.6-15266 | |
| Synology Vs960hd Firmware | <2.2.3-1505 | |
| Synology Vs960hd | ||
| Netapp Hci | ||
| Netapp Solidfire | ||
| Hpe Hpux-ntp | <c.4.2.8.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2016-1549
- http://support.ntp.org/bin/view/Main/NtpBug3415
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1550228
- https://bugzilla.redhat.com/show_bug.cgi?id=1550214
- http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
- http://www.securityfocus.com/archive/1/541824/100/0/threaded
- http://www.securityfocus.com/bid/103194
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
- https://security.gentoo.org/glsa/201805-12
- https://security.netapp.com/advisory/ntap-20180626-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- https://www.synology.com/support/security/Synology_SA_18_13
Frequently Asked Questions
What is CVE-2018-7170?
CVE-2018-7170 is a vulnerability in ntpd which allows authenticated users to create arbitrary associations and modify a victim's clock via a Sybil attack.
Which versions of ntp are affected by CVE-2018-7170?
Versions of ntp before 4.2.8p7 and 4.3.x before 4.3.92 are affected by CVE-2018-7170.
How can an attacker exploit CVE-2018-7170?
An attacker with knowledge of the private symmetric key can exploit CVE-2018-7170 to create arbitrary associations and modify a victim's clock via a Sybil attack.
What is the severity of CVE-2018-7170?
The severity of CVE-2018-7170 is medium with a CVSS score of 5.3.
How can I fix CVE-2018-7170?
To fix CVE-2018-7170, it is recommended to update ntp to version 4.2.8p7 or 4.3.0 or later.
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-7170
- agent/software-canonical-lookup
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.0
- version/ntp ntp/4.3.0
- version/ntp ntp/4.2.8
- version/ntp ntp/4.2.8-p1
- version/ntp ntp/4.2.8-p1-beta1
- version/ntp ntp/4.2.8-p1-beta2
- version/ntp ntp/4.2.8-p1-beta3
- version/ntp ntp/4.2.8-p1-beta4
- version/ntp ntp/4.2.8-p1-beta5
- version/ntp ntp/4.2.8-p1-rc1
- version/ntp ntp/4.2.8-p1-rc2
- version/ntp ntp/4.2.8-p2
- version/ntp ntp/4.2.8-p2-rc1
- version/ntp ntp/4.2.8-p2-rc2
- version/ntp ntp/4.2.8-p2-rc3
- version/ntp ntp/4.2.8-p3
- version/ntp ntp/4.2.8-p3-rc1
- version/ntp ntp/4.2.8-p3-rc2
- version/ntp ntp/4.2.8-p3-rc3
- version/ntp ntp/4.2.8-p4
- version/ntp ntp/4.2.8-p5
- version/ntp ntp/4.2.8-p6
- vendor/synology
- canonical/synology diskstation manager
- version/synology diskstation manager/5.2
- canonical/synology router manager
- version/synology router manager/1.1
- canonical/synology skynas
- canonical/synology virtual diskstation manager
- canonical/synology vs960hd firmware
- canonical/synology vs960hd
- vendor/netapp
- canonical/netapp hci
- canonical/netapp solidfire
- vendor/hpe
- canonical/hpe hpux-ntp
- package-manager/redhat