Skip to content

Home Early Warning System Issues Others Vulnerabilities in DHCP Client and NTP Affect F5 Products
Vulnerabilities in DHCP Client and NTP Affect F5 Products
Wednesday, 21 March 2018 11:00

K08306700: DHCP client vulnerability (CVE-2018-5732)
An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. An attacker can cause a denial of service (DoS) of DHCP functionality on the F5 product management interface. No upgrade was available at the time of this entry.

K82570157: NTP vulnerability (CVE-2018-7170)
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. An attacker can make adjustments to the system time of the F5 product, disrupting time-sensitive functionality of the F5 product. Only F5 products configured to use symmetric key authentication when synchronizing time with an NTP server are vulnerable. No upgrade was available at the time of this entry.

 
[YOUR IP : 54.162.118.107: 33008] ...   [YOUR BROWSER: CCBot/2.0 (https://commoncrawl.org/faq/)] ...