Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9294

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9294
Last Modified 25 Mar 2015 10:00:23
Published 19 Dec 2014 09:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9294

Summary

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Vulnerable Systems

Application

  • Ntp 4.2.7


References

CERT-VN - VU#852879

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1176035

CONFIRM - http://support.ntp.org/bin/view/Main/SecurityNotice

CONFIRM - http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g

CONFIRM - http://bugs.ntp.org/show_bug.cgi?id=2666

REDHAT - RHSA-2015:0104

REDHAT - RHSA-2014:2025

HP - HPSBPV03266

HP - HPSBGN03277

MANDRIVA - MDVSA-2015:003

CONFIRM - http://advisories.mageia.org/MGASA-2014-0541.html


Last Updated: 27 May 2016 11:08:12