people.canonical.com
Open in
urlscan Pro
91.189.89.62
Public Scan
URL:
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7170
Submission: On March 17 via api from IL — Scanned from GB
Submission: On March 17 via api from IL — Scanned from GB
Form analysis 0 forms found in the DOM
Text Content
Ubuntu CVE Tracker * Home * Main * Universe * Partner CVE-2018-7170 Priority Low Description ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 http://www.kb.cert.org/vuls/id/961909 http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S Bugs http://support.ntp.org/bin/view/Main/NtpBug3415 Notes Package Source: ntp (LP Ubuntu Debian) Upstream:released (4.2.8p11) Ubuntu 18.04 LTS (Bionic Beaver):needed Ubuntu 20.04 LTS (Focal Fossa):released (1:4.2.8p11+dfsg-1ubuntu1) Ubuntu 21.10 (Impish Indri):released (1:4.2.8p11+dfsg-1ubuntu1) Ubuntu 16.04 ESM (Xenial Xerus):needed Ubuntu 14.04 ESM (Trusty Tahr):needed Patches: Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a5dab3a2_FQ3mvEDDduCKFCgMUHxg Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a5ecbd3TlxNJ-4bhpgNPrNnk0qyRA Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a682fbb3GRmeAsQBMaL14IFQKVWIQ Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a6acee9cAeq0Mxp-nKXzoZdyFjupQ More Information * Mitre * NVD * Launchpad * Debian Updated: 2022-02-10 22:33:27 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04) © Canonical Ltd. 2007-2022