- Home
- CVEs with nessus.description==Updated+ntp+packages+fix+security+vulnerabilities+%3A%0A%0AIf+no+authentication+key+is+defined+in+the+ntp.conf+file%2C+a+cryptographically-weak+default+key+is+generated+%28CVE-2014-9293%29.%0A%0Antp-keygen+before+4.2.7p230+uses+a+non-cryptographic+random+number+generator+with+a+weak+seed+to+generate+symmetric+keys+%28CVE-2014-9294%29.%0A%0AA+remote+unauthenticated+attacker+may+craft+special+packets+that+trigger+buffer+overflows+in+the+ntpd+functions+crypto_recv%28%29+%28when+using+autokey+authentication%29%2C+ctl_putdata%28%29%2C+and+configure%28%29.+The+resulting+buffer+overflows+may+be+exploited+to+allow+arbitrary+malicious+code+to+be+executed+with+the+privilege+of+the+ntpd+process+%28CVE-2014-9295%29.%0A%0AA+section+of+code+in+ntpd+handling+a+rare+error+is+missing+a+return+statement%2C+therefore+processing+did+not+stop+when+the+error+was+encountered.+This+situation+may+be+exploitable+by+an+attacker+%28CVE-2014-9296%29.%0A%0AThe+ntp+package+has+been+patched+to+fix+these+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top