CVE-2018-7170

Public on 2018-03-06

Modified on 2018-09-19

Description

A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock.

Severity

Low

See what this means

CVSS v3 Base Score

3.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	ntp	2018-09-19 17:19	ALAS-2018-1083
Amazon Linux 1	ntp	2018-05-10 17:01	ALAS-2018-1009

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.1	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
NVD	CVSSv2	3.5	AV:N/AC:M/Au:S/C:N/I:P/A:N
NVD	CVSSv3	5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References

Red Hat: CVE-2018-7170 Mitre: CVE-2018-7170 FAQs regarding Amazon Linux ALAS/CVE Severity