Vulnerability CVE-2018-7170


Published: 2018-03-06

Description:
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

Type: CWE-320 (Key Management Errors)

Vendor: Synology
Product: DiskStation Manager
Version:
6.1
6.0
5.2
See more versions on NVD
Vendor: NTP
Product: NTP 
Version:
4.3.91
4.3.90
4.3.9
4.3.89
4.3.88
4.3.87
4.3.86
4.3.85
4.3.84
4.3.83
4.3.82
4.3.81
4.3.80
4.3.8
4.3.79
4.3.78
4.3.77
4.3.76
4.3.75
4.3.74
4.3.73
4.3.72
4.3.71
4.3.70
4.3.7
4.3.69
4.3.68
4.3.67
4.3.66
4.3.65
4.3.64
4.3.63
4.3.62
4.3.61
4.3.60
4.3.6
4.3.59
4.3.58
4.3.57
4.3.56
4.3.55
4.3.54
4.3.53
4.3.52
4.3.51
4.3.50
4.3.5
4.3.49
4.3.48
4.3.47
4.3.46
4.3.45
4.3.44
4.3.43
4.3.42
4.3.41
4.3.40
4.3.4
4.3.39
4.3.38
4.3.37
4.3.36
4.3.35
4.3.34
4.3.33
4.3.32
4.3.31
4.3.30
4.3.3
4.3.29
4.3.28
4.3.27
4.3.26
4.3.25
4.3.24
4.3.23
4.3.22
4.3.21
4.3.20
4.3.2
4.3.19
4.3.18
4.3.17
4.3.16
4.3.15
4.3.14
4.3.13
4.3.12
4.3.11
4.3.10
4.3.1
4.3.0
4.2.8
4.2.7p444
4.2.7
4.2.6
4.2.5
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

References:
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3415
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103194
https://bugzilla.redhat.com/show_bug.cgi?id=1550214
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://www.synology.com/support/security/Synology_SA_18_13

Related CVE
CVE-2019-8936
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-11331
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
CVE-2018-12327
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whet...
CVE-2016-9042
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate repl...
CVE-2018-7183
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
CVE-2018-7185
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association ...
CVE-2018-7184
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset ...
CVE-2018-7182
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

Copyright 2019, cxsecurity.com
