ID CVE-2014-9293
Summary The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
Vulnerable Configurations
  • NTP 4.2.7
    cpe:2.3:a:ntp:ntp:4.2.7
CVSS
Base: 7.5 (as of 01-11-2016 - 13:05)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
redhat via4
advisories
  • rhsa
    id RHSA-2014:2025
  • rhsa
    id RHSA-2015:0104
rpms
  • ntp-0:4.2.6p5-19.el7_0
  • ntp-doc-0:4.2.6p5-19.el7_0
  • ntp-perl-0:4.2.6p5-19.el7_0
  • ntpdate-0:4.2.6p5-19.el7_0
  • sntp-0:4.2.6p5-19.el7_0
  • ntp-0:4.2.6p5-2.el6_6
  • ntp-doc-0:4.2.6p5-2.el6_6
  • ntp-perl-0:4.2.6p5-2.el6_6
  • ntpdate-0:4.2.6p5-2.el6_6
  • ntp-0:4.2.2p1-18.el5_11
refmap via4
bid 71757
cert-vn VU#852879
cisco 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products
confirm
hp
  • HPSBGN03277
  • HPSBOV03505
  • HPSBPV03266
  • HPSBUX03240
  • SSRT101872
mandriva MDVSA-2015:003
secunia 62209
Last major update 02-01-2017 - 21:59
Published 19-12-2014 - 21:59
Back to Top