Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2014-9750

Published: 06/10/2015 Updated: 18/06/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Subscribe to Ntp

Vulnerability Summary

ntp_crypto.c in ntpd in NTP 4.x prior to 4.2.8p1, when Autokey Authentication is enabled, allows remote malicious users to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp

ntp ntp 4.2.8

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

oracle linux 7

Vendor Advisories

Red Hat: Moderate: ntp security, bug fix, and enhancement update
Synopsis Moderate: ntp security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated ntp packages that fix multiple security issues, several bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update a ...
Red Hat: Moderate: ntp security and bug fix update
Synopsis Moderate: ntp security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Debian Security Advisories: DSA-3154-1 ntp -- security update
Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9750 Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation ...
Debian Security Advisories: DSA-3388-1 ntp -- security update
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration The attacker had the ...
Red Hat: CVE-2014-9750
A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash ...

References

CWE-20http://www.kb.cert.org/vuls/id/852879http://bugs.ntp.org/show_bug.cgi?id=2671https://bugzilla.redhat.com/show_bug.cgi?id=1184573http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulnehttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.securityfocus.com/bid/72583http://www.debian.org/security/2015/dsa-3388http://rhn.redhat.com/errata/RHSA-2015-1459.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_ushttps://access.redhat.com/errata/RHSA-2015:2231https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-9750https://www.debian.org/security/./dsa-3154
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook