what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2014-9295

Status Candidate

Overview

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Related Files

HP Security Bulletin HPSBHF03432 1
Posted Dec 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03432 1 - Potential security vulnerabilities have been identified with HPE Networking Comware 5, Comware 5, Low Encryption SW, Comware 7, and VCX, Using NTP. The vulnerabilities could be remotely exploited resulting in resulting in remote access restriction bypass and code execution. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295
SHA-256 | 678f73403ca3b8273f6c81a3451515dff3b523d9531d109874052b4d1c0be3a4
HP Security Bulletin HPSBOV03505 1
Posted Sep 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow unauthenticated attackers to execute code with the privileges of ntpd or cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, tcp, vulnerability
advisories | CVE-2013-5211, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 6bb3a5080fcc5cd3fa3ca04240ae84814580d927317fa3a57b6645ecaeda982a
HP Security Bulletin HPSBUX03240 SSRT101872 2
Posted Apr 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03240 SSRT101872 2 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297
SHA-256 | 1f4fd14946b0e379a10db31c1f62663f3c788557aa4411f47f54db8d0cf85d0d
Mandriva Linux Security Advisory 2015-140
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, suse, mandriva
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298
SHA-256 | 6c051822021817ac7fc8875977c5ca320de4662ed0ed8219480997118279051d
HP Security Bulletin HPSBGN03277 1
Posted Mar 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03277 1 - Potential security vulnerabilities have been identified with the NTP service that is present on HP Virtualization Performance Viewer (vPV). These could be exploited remotely to execute code, create a Denial of Service (DoS), and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 6f8df7e9e5aa2dc95c49d69acba27bcb4e6053d7c678ab167cb1204eb8443695
HP Security Bulletin HPSBPV03266
Posted Feb 20, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV03266 - Potential security vulnerabilities have been identified with certain HP Networking and H3C switches and routers running NTP. The vulnerabilities could be exploited remotely to allow execution of code, disclosure of information and denial of service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295
SHA-256 | 1e5b7079d340789f718e38872fb41274da4f974274be3c825c5f3e12ddb930a8
HP Security Bulletin HPSBUX03240 SSRT101872
Posted Feb 19, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03240 SSRT101872 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297
SHA-256 | abc2b7afc4f8f47e2bf3872b6662dfd3cbd30f380650ada88bbaf256a29a3160
Red Hat Security Advisory 2015-0104-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0104-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.

tags | advisory, remote, overflow, arbitrary, local, protocol
systems | linux, redhat
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | b1cca658d4b8f1fdf7bcc3b84f7d28ce7411a215dd2e3dc836aab539982213b3
Mandriva Linux Security Advisory 2015-003
Posted Jan 5, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-003 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. The ntp package has been patched to fix these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | e84745145e8e44d6f35dc2a132bbaf18a67dbe74926eba9217d0cebc264f9899
Gentoo Linux Security Advisory 201412-34
Posted Dec 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-34 - Multiple vulnerabilities have been found in NTP, the worst of which could result in remote execution of arbitrary code. Versions less than 4.2.8 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 5b5deda4695b2395daea389f9d8700e9e35ad23c665aa66ecf1cb7860ddbcc0c
FreeBSD Security Advisory - NTP Weak Seeding / Buffer Overflow
Posted Dec 24, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. When no authentication key is set in the configuration file, ntpd(8) would generate a random key that uses a non-linear additive feedback random number generator seeded with very few bits of entropy. The ntp-keygen(8) utility is also affected by a similar issue. When Autokey Authentication is enabled, for example if ntp.conf(5) contains a 'crypto pw' directive, a remote attacker can send a carefully crafted packet that can overflow a stack buffer. In ntp_proto.c, the receive() function is missing a return statement in the case when an error is detected.

tags | advisory, remote, overflow, cryptography, protocol
systems | freebsd
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 7d0a12f077a570a47b07177a5a88f387e10ed75041b9b627e36f0897b24db3e6
Cisco Security Advisory 20141222-ntpd
Posted Dec 24, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | cisco
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 5dbade7a53bf1ca9ac25f9e8c3be3931a5da81f0c75dd71cb6377e3ee36e48ba
Apple Security Advisory 2014-12-22-1
Posted Dec 23, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-12-22-1 - A remote attacker may be able to execute arbitrary code Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2014-9295
SHA-256 | b9deebdbb01ab3aed98d8edb7acb54229fac071c690df000c568aceba5071bab
Slackware Security Advisory - ntp Updates
Posted Dec 23, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | d0c96540c2c6dfe9fed363b2449da9517db44123be1a205a479a83c90011f153
Red Hat Security Advisory 2014-2024-01
Posted Dec 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-2024-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.

tags | advisory, remote, overflow, arbitrary, local, protocol
systems | linux, redhat
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | eedac20f7337d69596f4269af11098d273603b8566ea0c385bf4f50c902ac8d2
Ubuntu Security Notice USN-2449-1
Posted Dec 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2449-1 - Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the MD5 key and spoof a client or server. Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. In non-default configurations, a remote attacker could use these issues to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 286111117445620d8391d69edda43445e28d24c84f9ba29db3f2c41c02f7041c
Red Hat Security Advisory 2014-2025-01
Posted Dec 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-2025-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.

tags | advisory, remote, overflow, arbitrary, local, protocol
systems | linux, redhat
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295
SHA-256 | d893c268c3f5fe578780698715118fb8eec3d8f487f827ecfb8dfd311d18e52d
Debian Security Advisory 3108-1
Posted Dec 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3108-1 - Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 5b4a277b0cef718c24dc6753a54c1bc9d8bcce8e71d504884e286af1764624ab
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close