- Home
- CVEs with nessus.description==Several+vulnerabilities+were+discovered+in+the+ntp+package%2C+an+implementation+of+the+Network+Time+Protocol.%0A%0ACVE-2014-9293%0A%0Antpd+generated+a+weak+key+for+its+internal+use%2C+with+full+administrative+privileges.+Attackers+could+use+this+key+to+reconfigure+ntpd+%28or+to+exploit+other+vulnerabilities%29.%0A%0ACVE-2014-9294%0A%0AThe+ntp-keygen+utility+generated+weak+MD5+keys+with+insufficient+entropy.%0A%0ACVE-2014-9295%0A%0Antpd+had+several+buffer+overflows+%28both+on+the+stack+and+in+the+data+section%29%2C+allowing+remote+authenticated+attackers+to+crash+ntpd+or+potentially+execute+arbitrary+code.%0A%0ACVE-2014-9296%0A%0AThe+general+packet+processing+function+in+ntpd+did+not+handle+an+error+case+correctly.%0A%0AThe+default+ntpd+configuration+in+Debian+restricts+access+to+localhost+%28and+possible+the+adjacent+network+in+case+of+IPv6%29.%0A%0AKeys+explicitly+generated+by+%27ntp-keygen+-M%27+should+be+regenerated.%0A%0AFor+the+oldstable+distribution+%28squeeze%29%2C+these+problems+have+been+fixed+in+version+4.2.6.p2%2Bdfsg-1%2Bdeb6u1.%0A%0AWe+recommend+that+you+upgrade+your+heirloom-mailx+packages.%0A%0AThanks+to+the+Florian+Weimer+for+the+Red+Hat+security+update.%0A%0ANOTE%3A+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+DLA+security+advisory.+Tenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top