PT-2014-1839 · Ntp+9 · Ntp+10

Publicado

2014-12-19

·

Atualizado

2024-06-15

·

CVE-2014-9294

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.7p230 NTP versions 4.2.6p5 and earlier
Description The issue is related to a weak RNG seed used in the ntp-keygen utility, making it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. This can lead to a violation of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.
Recommendations For NTP versions prior to 4.2.7p230, update to version 4.2.7p230 or later to resolve the issue. For NTP versions 4.2.6p5 and earlier, update to a version later than 4.2.6p5 to mitigate the risk. As a temporary workaround, consider restricting access to the ntp-keygen utility until a patch is available.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-335

Identificadores relacionados

ALT-PU-2014-2486
BDU:2015-06449
BDU:2015-06450
BDU:2015-06451
BDU:2015-06452
BDU:2015-06453
BDU:2015-06454
BDU:2015-06537
BDU:2015-09293
BDU:2015-09294
BDU:2015-09295
BDU:2015-09296
BDU:2015-09297
BDU:2015-09298
BDU:2015-09299
BDU:2015-09799
BDU:2015-09874
BDU:2015-09875
BDU:2015-10234
BDU:2015-10235
CESA-2014_2024
CVE-2014-9294
DLA-116-1
DSA-3108-1
HPSBUX03240
MGASA-2014-0541
OPENSUSE-SU-2024:10181-1
RHSA-2014:2024
RHSA-2014:2025
RHSA-2014_2024
RHSA-2014_2025
RHSA-2015:0104
SUSE-SU-2015:0259-1
SUSE-SU-2015:0259-2
SUSE-SU-2015:0259-3
SUSE-SU-2015:0274-1
SUSE-SU-2015:1173-1
USN-2449-1

Produtos afetados

Alt Linux
Centos
Check Point Gaia
Cisco Ios Xr
Cisco Nexus
Hp-Ux
Ibm Aix
Ntp
Red Hat
Suse
Ubuntu