PT-2014-1839 · Ntp
Published: 2014-12-19 · Updated: 2024-06-15
CVE-2014-9294
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
NTP versions prior to 4.2.7p230
NTP versions 4.2.6p5 and earlier
Description
The ntp-keygen utility uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. This can lead to a violation of the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.
Recommendations
For NTP versions prior to 4.2.7p230, update to version 4.2.7p230 or later to resolve the issue.
For NTP versions 4.2.6p5 and earlier, update to a version later than 4.2.6p5 to mitigate the risk.
As a temporary workaround, consider restricting access to the ntp-keygen utility until a patch is available.
Exploit
Fix
Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
Centos
Check Point Gaia
Cisco Ios Xr
Cisco Nexus
Hp-Ux
Ibm Aix
Ntp
Red Hat
Suse
Ubuntu