Published: 20/12/2014 Updated: 17/11/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The config_auth function in ntpd in NTP prior to 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms via a brute-force attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ntp ntp

Debian Bug report logs - #773576 ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 Package: src:ntp; Maintainer for src:ntp is Debian NTP Team <ntp@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Dec 2014 05:39:07 UTC Severity: grave Tags: fixed-upstream, security, ...

Several security issues were fixed in NTP ...

Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now availablefor Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact A Common Vulnerability Scori ...

Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having Important securityimpact A Common Vulnerability Scoring Sy ...

Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 65 Extended Update SupportRed Hat Product Security has rated this update as having Important securityimpact Common ...

Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol CVE-2014-9293 ntpd generated a weak key for its internal use, with full administrative privileges Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities) CVE-2014-9294 The ntp-keygen utility g ...

It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntpconf configuration file A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests (CVE-2014-9293) It was ...

It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntpconf configuration file A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests ...

The Tenable Appliance ships with the Network Time Protocol (NTP) service Recently, several vulnerabilities were identified by a third-party and fixed by the vendor Some of these issues may allow for remote code execution The issues include: NTP ntpd/ntp_cryptoc crypto_recv() Function Packet Handling Remote Stack Buffer Overflow NTP ntpd/ntp_co ...

Description of Problem Citrix is aware of recent vulnerability reports that impact Network Time Protocol (NTP) and is actively investigating the potential impact of these issues on Citrix products There are a number of CVEs related to this issue, the current set includes: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 The fol ...

Development repository for the ntp cookbook

NTP Cookbook Installs and configures ntp On Windows systems it uses the Meinberg port of the standard NTPd client to Windows Maintainers This cookbook is maintained by the Sous Chefs The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks If you’d like to know more please visit sous-chefsorg or come chat with

Development repository for the ntp cookbook

NTP Cookbook Installs and configures ntp On Windows systems it uses the Meinberg port of the standard NTPd client to Windows Maintainers This cookbook is maintained by the Sous Chefs The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks If you’d like to know more please visit sous-chefsorg or come chat with

NVD-CWE-Other https://bugzilla.redhat.com/show_bug.cgi?id=1176032 http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw http://support.ntp.org/bin/view/Main/SecurityNotice http://www.kb.cert.org/vuls/id/852879 http://bugs.ntp.org/show_bug.cgi?id=2665 http://rhn.redhat.com/errata/RHSA-2014-2025.html http://rhn.redhat.com/errata/RHSA-2015-0104.html http://marc.info/?l=bugtraq&m=142469153211996&w=2 http://marc.info/?l=bugtraq&m=142590659431171&w=2 http://advisories.mageia.org/MGASA-2014-0541.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:003 http://marc.info/?l=bugtraq&m=144182594518755&w=2 http://marc.info/?l=bugtraq&m=142853370924302&w=2 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/71757 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd https://kc.mcafee.com/corporate/index?page=content&id=SB10103 http://secunia.com/advisories/62209 https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773576 https://usn.ubuntu.com/2449-1/https://access.redhat.com/security/cve/cve-2014-9293 https://www.kb.cert.org/vuls/id/852879

CVE-2014-9293

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect