ID: CVE-2018-7174
Type: cve
Reporter: cve@mitre.org
Modified: 2019-10-03T00:03:00
Description
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
{"fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16368", "CVE-2018-7173", "CVE-2018-7174", "CVE-2018-7175", "CVE-2018-7452", "CVE-2018-7454"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2019-03-03T02:47:48", "published": "2019-03-03T02:47:48", "id": "FEDORA:7F31C6057717", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xpdf-4.01-1.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7174", "CVE-2018-7173", "CVE-2018-7454", "CVE-2018-7452", "CVE-2018-16368", "CVE-2018-7175"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876176", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2019-b3aec99d2c", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876176\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16368\", \"CVE-2018-7452\", \"CVE-2018-7454\", \"CVE-2018-7175\", \"CVE-2018-7173\", \"CVE-2018-7174\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:37:52 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for xpdf FEDORA-2019-b3aec99d2c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b3aec99d2c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANYTDA3PR32QQA3JHE5YYLMWNX5KGPOS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the FEDORA-2019-b3aec99d2c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. 
Xpdf is a small and efficient program which uses\nstandard X fonts.\");\n\n script_tag(name:\"affected\", value:\"'xpdf' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~4.01~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "symantec": [{"lastseen": "2021-01-15T20:46:38", "bulletinFamily": "software", "cvelist": ["CVE-2018-7170", "CVE-2018-7174", "CVE-2018-7182", "CVE-2018-7183", "CVE-2018-7184", "CVE-2018-7185"], "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target from updating its system time, and cause denial of service through application crashes. \n \n\n\n### AFFECTED PRODUCTS \n\nThe following products are vulnerable:\n\n**Content Analysis** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 2.4 and later | Not vulnerable, fixed in 2.4.1.1 \n2.3 | Upgrade to 2.3.5.1. \n2.1, 2.2 | Upgrade to a later version with fixes. \n \n \n\nDirector \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.1 | Upgrade to a version of MC with the fixes. 
\n \n \n\n**Mail Threat Defense** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\n**Management Center** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1. \n1.11, 2.0 | Upgrade to a later version with fixes. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7170, CVE-2018-7185 | 10.5 | Not vulnerable, fixed in 10.5.1.1 \n10.3, 10.4 (has vulnerable code, but not vulnerable to known vectors of attack) | Upgrade to a later version with fixes. \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 10.1, 10.2 | Upgrade to a later version with fixes. \nAll CVEs | 9.5 | Not vulnerable \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7170 and CVE-2018-7185 | 7.2, 8.1, 8.2 | Not available at this time \n7.1, 7.3, 8.0 | Upgrade to later version with fixes. \nCVE-2018-7182, CVE-2018-7183, \nCVE-2018-7184 | 7.2 | Not available at this time \n \n \n\n**SSL Visibility** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7182 | 5.0 | Not vulnerable, fixed in 5.0.2.1. \n4.5 | Not vulnerable, fixed in 4.5.1.1. \n4.1, 4.2, 4.3, 4.4 | Upgrade to a later version with fixes. \n3.12 | Upgrade to a later version with fixes. \n3.11 | Upgrade to a later version with fixes. \n3.10 | Upgrade to a later version with fixes. \n3.8.4FC | Upgrade to a later version with fixes. \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-7170 | 1.13, 1.14 | Not available at this time \n1.12 | Upgrade to a later version with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-7185 | 10.0, 11.0 | A fix will not be provided. 
\n \n \n\nThe following products contain a vulnerable version of the ntp.org NTP reference implementation, but are not vulnerable to known vectors of attack:\n\n**Advanced Secure Gateway** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 7.1 and later | Not vulnerable, fixed in 7.1.1.1 \n6.7 | Upgrade to 6.7.4.2. \n6.6 | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION \n\nSymantec Network Protection products do not enable or use all functionality within the ntp.org NTP reference implementation. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.\n\n * **ASG:** all CVEs\n * **CA:** CVE-2018-7170 and CVE-2018-7185\n * **MTD:** CVE-2018-7170 and CVE-2018-7185\n * **MC:** CVE-2018-7170 and CVE-2018-7185\n * **Reporter:** CVE-2018-7170 and CVE-2018-7185\n * **SSLV:** all CVEs except CVE-2018-7182\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nSymantec HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nMalware Analysis \nNorman Shark Industrial Control System Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG \nUnified Agent \n \n**\n\n### ISSUES\n\n**CVE-2018-7170** \n--- \n**Severity / 
CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 103194](<https://www.securityfocus.com/bid/103194>) / NVD: [CVE-2018-7170](<https://nvd.nist.gov/vuln/detail/CVE-2018-7170>) \n**Impact** | Unauthorized modification of system time \n**Description** | A Sybil vulnerability in ntpd allows remote authenticated NTP servers to establish a large number of ephemeral associations in order to influence the ntpd clock selection algorithm and modify the target's system time. \n \n \n\n**CVE-2018-7182** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 103191](<https://www.securityfocus.com/bid/103191>) / NVD: [CVE-2018-7182](<https://nvd.nist.gov/vuln/detail/CVE-2018-7182>) \n**Impact** | Denial of service \n**Description** | A buffer overread flaw in ntpd allows a remote attacker to send crafted mode 6 packets and cause denial of service through application crashes. \n \n \n\n**CVE-2018-7183** \n--- \n**Severity / CVSSv2** | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 103351](<https://www.securityfocus.com/bid/103351>) / NVD: [CVE-2018-7183](<https://nvd.nist.gov/vuln/detail/CVE-2018-7183>) \n**Impact** | Denial of service \n**Description** | A buffer overflow flaw in ntpq allows a remote attacker to send a response with a crafted array and execute arbitrary code or cause denial of service. \n \n \n\n**CVE-2018-7184** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 103192](<https://www.securityfocus.com/bid/103192>) / NVD: [CVE-2018-7184](<https://nvd.nist.gov/vuln/detail/CVE-2018-7184>) \n**Impact** | Denial of service \n**Description** | A packet handling flaw in ntpd allows a remote attacker to send a packet with a zero-origin timestamp and reset the NTP association. 
This prevents ntpd from updating the system time until the NTP association resets, resulting in denial of service. \n \n \n\n**CVE-2018-7185** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 103339](<https://www.securityfocus.com/bid/103339>) / NVD: [CVE-2018-7185](<https://nvd.nist.gov/vuln/detail/CVE-2018-7185>) \n**Impact** | Denial of service \n**Description** | A packet handling flaw in ntpd allows a remote attacker to send a packet with a zero-origin timestamp and reset the NTP association. \n \n \n\n### MITIGATION\n\nAll CVEs except CVE-2018-7183 can be exploited only through the management network port for Director, MTD, MC, and SSLV. Allowing only machines, IP addresses and subnets from a trusted network to access to the management network port reduces the threat of exploiting the vulnerabilities.\n\nBy default, Director does not configure ntpd in symmetric on interleave mode. Customers who leave this behavior unchanged prevent attacks against Director using CVE-2018-7170, CVE-2018-7174, and CVE-2018-7185.\n\nBy default, all versions of Security Analytics do not configure ntpd in symmetric or interleave mode. Customers who leave this behavior unchanged prevent attacks against Security Analytics using CVE-2018-7170 and CVE-2018-7185. Also, Security Analytics 7.2 does not query remote NTP servers using ntpq. Customers who leave this behavior unchanged prevent attacks against Security Analytics 7.2 using CVE-2018-7183. \n \n\n\n### REFERENCES\n\nNTP Security Notice - <https://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S> \n \n\n\n### REVISION \n\n2021-01-15 WI 1.14 is vulnerable to CVE-2018-7170. A fix is not available at this time. Fixes will not be provided for WI 1.12. Please upgrade to a later release with the vulnerability fixes. \n2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. 
Please upgrade to a later version with the vulnerability fixes. \n2020-11-18 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-04-17 Content Analysis (CA) 2.4 and later versions are not vulnerable because a fix is available in 2.4.1.1. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Fixes for Reporter 10.3 and SSLV 4.4 will not be provided. Please upgrade to later versions with the vulnerability fixes. Security Analytics 8.1 is vulnerable to CVE-2018-7170 and CVE-2018-7185. Advanced Secure Gateway (ASG) 7.1 and later are not vulnerable because a fix is available in 7.1.1.1. \n2019-10-07 WI 1.12 and 1.13 are vulnerable to CVE-2018-7170. A fix is not available at this time. \n2019-08-30 Reporter 10.4 has a vulnerable version of the NTP reference implementation, but is not vulnerable to known vectors of attack. \n2019-08-12 A fix for MC 2.0 will not be provided. Please update to a later version with the vulnerability fixes. \n2019-08-09 SSLV 4.5 is not vulnerable because a fix is available in 4.5.1.1. \n2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-06 A fix for SSLV 4.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-02-27 A fix for CA 2.3 is available in 2.3.5.1. A fix for ASG 6.7 is available in 6.7.4.2. 
\n2019-02-04 A fix for CA 2.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-21 Security Analytics 8.0 is vulnerable to CVE-2018-7170 and CVE-2018-7185. \n2019-01-18 SSLV 4.3 and 4.4 are vulnerable to CVE-2018-7182. SSLV 5.0 is not vulnerable because a fix is available in 5.0.2.1. A fix for SSLV 4.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-14 MC 2.1 is not vulnerable because a fix is available in 2.1.1.1. A fix for MC 1.11 will not be provided. Please update to a later version with the vulnerability fixes. Reporter 10.3 has a vulnerable version of the NTP reference implementation, but is not vulnerable to known vectors of attack. \n2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please update to a later version with the vulnerability fixes. \n2019-01-11 A fix for CA 2.1 will not be provided. Please update to a later version with the vulnerability fixes. \n2018-07-23 Director 6.1 is vulnerable to all CVEs. \n2018-04-26 initial public release\n", "modified": "2021-01-15T20:22:24", "published": "2018-04-26T08:00:00", "id": "SMNTC-1451", "href": "", "type": "symantec", "title": " SA165: NTP Vulnerabilities February 2018", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}