- Home
- CVEs with nessus.description==CERT reports :
The Network Time Protocol (NTP) provides networked systems with a way
to synchronize time for various services and applications. ntpd
version 4.2.7 and previous versions allow attackers to overflow
several buffers in a way that may allow malicious code to be executed.
ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic
random number generator when generating symmetric keys.
The buffer overflow vulnerabilities in ntpd may allow a remote
unauthenticated attacker to execute arbitrary malicious code with the
privilege level of the ntpd process. The weak default key and
non-cryptographic random number generator in ntp-keygen may allow an
attacker to gain information regarding the integrity checking and
authentication encryption schemes.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top