Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9293

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9293
Last Modified 25 Mar 2015 10:00:22
Published 19 Dec 2014 09:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9293

Summary

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Vulnerable Systems

Application

  • Ntp 4.2.7


References

CERT-VN - VU#852879

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1176032

CONFIRM - http://support.ntp.org/bin/view/Main/SecurityNotice

CONFIRM - http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw

CONFIRM - http://bugs.ntp.org/show_bug.cgi?id=2665

REDHAT - RHSA-2015:0104

REDHAT - RHSA-2014:2025

HP - HPSBPV03266

HP - HPSBGN03277

MANDRIVA - MDVSA-2015:003

CONFIRM - http://advisories.mageia.org/MGASA-2014-0541.html


Last Updated: 27 May 2016 11:08:12