- Home
- CVEs with nessus.description==The+version+of+the+remote+NTP+server+is+4.x+prior+to+4.2.8p1.+It+is%2C+therefore%2C+affected+by+the+following+vulnerabilities+%3A%0A%0A++-+A+security+weakness+exists+due+to+the+config_auth%28%29+++++function+improperly+generating+default+keys+when+no+++++authentication+key+is+defined+in+the+ntp.conf+file.%0A++++Key+size+is+limited+to+31+bits+and+the+insecure+++++ntp_random%28%29+function+is+used%2C+resulting+in+++++cryptographically-weak+keys+with+insufficient+entropy.+A+++++remote+attacker+can+exploit+this+to+defeat+cryptographic+++++protection+mechanisms+via+a+brute-force+attack.%0A++++%28CVE-2014-9293%29%0A%0A++-+A+security+weakness+exists+due+the+use+of+a+weak+seed+to+++++prepare+a+random+number+generator+used+to+generate+++++symmetric+keys.+This+allows+a+remote+attacker+to+defeat+++++cryptographic+protection+mechanisms+via+a+brute-force+++++attack.+%28CVE-2014-9294%29%0A%0A++-+Multiple+stack-based+buffer+overflow+conditions+exist+++++due+to+improper+validation+of+user-supplied+input+when+++++handling+packets+in+the+crypto_recv%28%29%2C+ctl_putdata%28%29%2C+++++and+configure%28%29+functions+when+using+autokey+++++authentication.+A+remote+attacker+can+exploit+this%2C+via+++++a+specially+crafted+packet%2C+to+cause+a+denial+of+service+++++condition+or+the+execution+of+arbitrary+code.%0A++++%28CVE-2014-9295%29%0A%0A++-+A+unspecified+vulnerability+exists+due+to+missing+return+++++statements+in+the+receive%28%29+function%2C+resulting+in+++++continued+processing+even+when+an+authentication+error+++++is+encountered.+This+allows+a+remote+attacker%2C+via+++++specially+crafted+packets%2C+to+trigger+unintended+++++association+changes.+%28CVE-2014-9296%29%0A%0A++-+An+information+disclosure+vulnerability+exists+due+to+++++improper+validation+of+the+%27vallen%27+value+in+extension+++++fields+in+ntp_crypto.c.+A+remote+attacker+can+exploit+++++this+to+disclose+sensitive+information.+%28CVE-2014-9750%29%0A%0A++-+A+security+bypass+vulnerability+exists+due+to+a+failure+++++to+restrict+%3A%3A1+source+addresses+on+IPv6+interfaces.+A+++++remote+attacker+can+exploit+this+to+bypass+configured+++++ACLs+based+on+%3A%3A1.+%28CVE-2014-9751%29%0A%0ANote+that+CVE-2014-9750+and+CVE-2014-9751+supersede+the+discontinued+identifiers+CVE-2014-9297+and+CVE-2014-9298%2C+which+were+originally+cited+in+the+vendor+advisory
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top