Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9295

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9295
Last Modified 25 Mar 2015 10:00:24
Published 19 Dec 2014 09:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9295

Summary

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Vulnerable Systems

Application

  • Ntp 4.2.7


References

CERT-VN - VU#852879

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1176037

CONFIRM - http://support.ntp.org/bin/view/Main/SecurityNotice

CONFIRM - http://bugs.ntp.org/show_bug.cgi?id=2669

CONFIRM - http://bugs.ntp.org/show_bug.cgi?id=2668

CONFIRM - http://bugs.ntp.org/show_bug.cgi?id=2667

CONFIRM - http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g

CONFIRM - http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg

CONFIRM - http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA

REDHAT - RHSA-2015:0104

REDHAT - RHSA-2014:2025

HP - HPSBPV03266

HP - HPSBGN03277

MANDRIVA - MDVSA-2015:003

CONFIRM - http://advisories.mageia.org/MGASA-2014-0541.html

Related Patches

Apple OS X NTP Security Update for Mac OS X Mountain Lion (HT6601)

Apple OS X NTP Security Update for Mac OS X Yosemite (HT6601)

Apple OS X NTP Security Update for Mac OS X Mavericks (HT6601)


Last Updated: 27 May 2016 11:08:12