- Home
- CVEs with nessus.description==Several+vulnerabilities+were+discovered+in+the+ntp+package%2C+an+implementation+of+the+Network+Time+Protocol.%0A%0A++-+CVE-2014-9293+++++ntpd+generated+a+weak+key+for+its+internal+use%2C+with+++++full+administrative+privileges.+Attackers+could+use+this+++++key+to+reconfigure+ntpd+%28or+to+exploit+other+++++vulnerabilities%29.%0A%0A++-+CVE-2014-9294+++++The+ntp-keygen+utility+generated+weak+MD5+keys+with+++++insufficient+entropy.%0A%0A++-+CVE-2014-9295+++++ntpd+had+several+buffer+overflows+%28both+on+the+stack+and+++++in+the+data+section%29%2C+allowing+remote+authenticated+++++attackers+to+crash+ntpd+or+potentially+execute+arbitrary+++++code.%0A%0A++-+CVE-2014-9296+++++The+general+packet+processing+function+in+ntpd+did+not+++++handle+an+error+case+correctly.%0A%0AThe+default+ntpd+configuration+in+Debian+restricts+access+to+localhost+%28and+possible+the+adjacent+network+in+case+of+IPv6%29.%0A%0AKeys+explicitly+generated+by+%27ntp-keygen+-M%27+should+be+regenerated
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top