Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-9295

Published: 20/12/2014 Updated: 17/11/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ntp

Vulnerability Summary

Multiple stack-based buffer overflows in ntpd in NTP prior to 4.2.8 allow remote malicious users to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp

Vendor Advisories

Debian CVElist Bug Report Logs: ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
Debian Bug report logs - #773576 ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 Package: src:ntp; Maintainer for src:ntp is Debian NTP Team <ntp@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Dec 2014 05:39:07 UTC Severity: grave Tags: fixed-upstream, security, ...
Ubuntu Security Notice: ntp vulnerabilities
Several security issues were fixed in NTP ...
Red Hat: Important: ntp security update
Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now availablefor Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact A Common Vulnerability Scori ...
Red Hat: Important: ntp security update
Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having Important securityimpact A Common Vulnerability Scoring Sy ...
Red Hat: Important: ntp security update
Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 65 Extended Update SupportRed Hat Product Security has rated this update as having Important securityimpact Common ...
Debian Security Advisories: DSA-3108-1 ntp -- security update
Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol CVE-2014-9293 ntpd generated a weak key for its internal use, with full administrative privileges Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities) CVE-2014-9294 The ntp-keygen utility g ...
Amazon Linux AMI: ALAS-2014-462
It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntpconf configuration file A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests (CVE-2014-9293) It was ...
Red Hat: CVE-2014-9295
Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user Note: the crypto_recv() flaw requires non d ...
Tenable Security Advisories: [R3] Tenable Appliance Affected by NTP Vulnerabilities
The Tenable Appliance ships with the Network Time Protocol (NTP) service Recently, several vulnerabilities were identified by a third-party and fixed by the vendor Some of these issues may allow for remote code execution The issues include: NTP ntpd/ntp_cryptoc crypto_recv() Function Packet Handling Remote Stack Buffer Overflow NTP ntpd/ntp_co ...
Citrix Security Bulletins: Citrix Security Advisory for NTP Vulnerabilities
Description of Problem Citrix is aware of recent vulnerability reports that impact Network Time Protocol (NTP) and is actively investigating the potential impact of these issues on Citrix products There are a number of CVEs related to this issue, the current set includes: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 The fol ...

Github Repositories

https://github.com/sous-chefs/ntp

Development repository for the ntp cookbook

NTP Cookbook Installs and configures ntp On Windows systems it uses the Meinberg port of the standard NTPd client to Windows Maintainers This cookbook is maintained by the Sous Chefs The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks If you’d like to know more please visit sous-chefsorg or come chat with

https://github.com/opragel/osx-10.7-ntp

Contains NTP update for Apple OS X 10.7 Lion.

osx-107-ntp Contains NTP update to protect against CVE-2014-9295 which affects operating systems running NTP4 prior to version 428

https://github.com/chef-cookbooks/ntp

Development repository for the ntp cookbook

NTP Cookbook Installs and configures ntp On Windows systems it uses the Meinberg port of the standard NTPd client to Windows Maintainers This cookbook is maintained by the Sous Chefs The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks If you’d like to know more please visit sous-chefsorg or come chat with

References

CWE-119http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97ghttps://bugzilla.redhat.com/show_bug.cgi?id=1176037http://bugs.ntp.org/show_bug.cgi?id=2668http://support.ntp.org/bin/view/Main/SecurityNoticehttp://bugs.ntp.org/show_bug.cgi?id=2667http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cghttp://www.kb.cert.org/vuls/id/852879http://bugs.ntp.org/show_bug.cgi?id=2669http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdAhttp://rhn.redhat.com/errata/RHSA-2014-2025.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0104.htmlhttp://marc.info/?l=bugtraq&m=142469153211996&w=2http://marc.info/?l=bugtraq&m=142590659431171&w=2http://www.mandriva.com/security/advisories?name=MDVSA-2015:003http://advisories.mageia.org/MGASA-2014-0541.htmlhttp://marc.info/?l=bugtraq&m=144182594518755&w=2http://marc.info/?l=bugtraq&m=142853370924302&w=2http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securityfocus.com/bid/71761https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htmhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpdhttps://kc.mcafee.com/corporate/index?page=content&id=SB10103http://secunia.com/advisories/62209http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.htmlhttps://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixeshttps://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773576https://usn.ubuntu.com/2449-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-9295https://www.kb.cert.org/vuls/id/852879
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook