CVE-2018-7170

Priority
Description
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows
authenticated users that know the private symmetric key to create
arbitrarily-many ephemeral associations in order to win the clock selection
of ntpd and modify a victim's clock via a Sybil attack. This issue exists
because of an incomplete fix for CVE-2016-1549.
Notes
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p11)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):released (1:4.2.8p11+dfsg-1ubuntu1)
Ubuntu 19.10 (Eoan Ermine):released (1:4.2.8p11+dfsg-1ubuntu1)
Ubuntu 20.04 (Focal Fossa):released (1:4.2.8p11+dfsg-1ubuntu1)
Patches:
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a5dab3a2_FQ3mvEDDduCKFCgMUHxg
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a5ecbd3TlxNJ-4bhpgNPrNnk0qyRA
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a682fbb3GRmeAsQBMaL14IFQKVWIQ
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a6acee9cAeq0Mxp-nKXzoZdyFjupQ
More Information

Updated: 2019-12-05 19:57:31 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)