CVE-2014-9296

Published: 20/12/2014 Updated: 17/11/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The receive function in ntp_proto.c in ntpd in NTP prior to 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote malicious users to trigger an unintended association change via crafted packets.

Vulnerable Product

ntp ntp

Vendor Advisories

Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scori ...
Synopsis Important: ntp security update Type/Severity Security Advisory: Important Topic Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common ...
Debian Bug report logs - #773576 ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 Package: src:ntp; Maintainer for src:ntp is Debian NTP Team <ntp@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Dec 2014 05:39:07 UTC Severity: grave Tags: fixed-upstream, security, ...
Several security issues were fixed in NTP ...
Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. CVE-2014-9293: ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities). CVE-2014-9294: The ntp-keygen utility g ...
It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was ...
A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism ...
The Tenable Appliance ships with the Network Time Protocol (NTP) service. Recently, several vulnerabilities were identified by a third-party and fixed by the vendor. Some of these issues may allow for remote code execution. The issues include: NTP ntpd/ntp_crypto.c crypto_recv() Function Packet Handling Remote Stack Buffer Overflow NTP ntpd/ntp_co ...
Description of Problem Citrix is aware of recent vulnerability reports that impact Network Time Protocol (NTP) and is actively investigating the potential impact of these issues on Citrix products. There are a number of CVEs related to this issue, the current set includes: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 The fol ...