Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9750

Опубликовано: 04 фев. 2015
Источник: redhat
CVSS2: 2.6
EPSS Средний

Описание

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash.

Отчет

This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. A mitigation for Red Hat Enterprise Linux 6 and 7 is available at: https://bugzilla.redhat.com/show_bug.cgi?id=1184573#c16

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ntpWill not fix
Red Hat Enterprise Linux 6ntpFixedRHSA-2015:145921.07.2015
Red Hat Enterprise Linux 7ntpFixedRHSA-2015:223119.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1184573ntp: vallen in extension fields are not validated

EPSS

Процентиль: 93%
0.10156
Средний

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9750

ubuntu
около 10 лет назад

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

nvd логотип

CVE-2014-9750

nvd
около 10 лет назад

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

debian логотип

CVE-2014-9750

debian
около 10 лет назад

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentic ...

github логотип

GHSA-2cf6-qqmm-m55v

github
больше 3 лет назад

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

oracle-oval логотип

ELSA-2015-2231

oracle-oval
почти 10 лет назад

ELSA-2015-2231: ntp security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 93%
0.10156
Средний

2.6 Low

CVSS2