CVE-2014-9295

HIGH

Description

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

References

http://advisories.mageia.org/MGASA-2014-0541.html

http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA

http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg

http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g

http://bugs.ntp.org/show_bug.cgi?id=2667

http://bugs.ntp.org/show_bug.cgi?id=2668

http://bugs.ntp.org/show_bug.cgi?id=2669

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html

http://marc.info/?l=bugtraq&m=142469153211996&w=2

http://marc.info/?l=bugtraq&m=142590659431171&w=2

http://marc.info/?l=bugtraq&m=142853370924302&w=2

http://marc.info/?l=bugtraq&m=144182594518755&w=2

http://rhn.redhat.com/errata/RHSA-2014-2025.html

http://rhn.redhat.com/errata/RHSA-2015-0104.html

http://secunia.com/advisories/62209

http://support.ntp.org/bin/view/Main/SecurityNotice

http://www.kb.cert.org/vuls/id/852879

http://www.mandriva.com/security/advisories?name=MDVSA-2015:003

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.securityfocus.com/bid/71761

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm

https://bugzilla.redhat.com/show_bug.cgi?id=1176037

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://kc.mcafee.com/corporate/index?page=content&id=SB10103

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

Details

Source: MITRE

Published: 2014-12-20

Updated: 2018-11-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (44 total)

ID	Name	Product	Family	Severity
105085	Check Point Gaia Operating System < R77.20 Multiple NTP Client Vulnerabilities (sk103825)	Nessus	Firewalls	high
83877	Cisco Prime LAN Management Solution ntpd Multiple Vulnerabilities	Nessus	CISCO	high
83876	Cisco Prime Data Center Network Manager ntpd Multiple Vulnerabilities (uncredentialed check)	Nessus	CISCO	high
82683	HP-UX PHNE_44236 : s700_800 11.23 NTP timeservices upgrade plus utilities	Nessus	HP-UX Local Security Checks	high
82682	HP-UX PHNE_44235 : s700_800 11.11 NTP timeservices upgrade plus utilities	Nessus	HP-UX Local Security Checks	high
82393	Mandriva Linux Security Advisory : ntp (MDVSA-2015:140)	Nessus	Mandriva Local Security Checks	high
82099	Debian DLA-116-1 : ntp security update	Nessus	Debian Local Security Checks	high
81981	Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p1 Multiple Vulnerabilities	Nessus	Misc.	high
81980	Cisco Prime Security Manager Network Time Protocol Daemon (ntpd) Multiple Vulnerabilities (cisco-sa-20141222-ntpd)	Nessus	CGI abuses	high
81913	Cisco IOS XR NCS 6000 Multiple ntpd Vulnerabilities	Nessus	CISCO	high
81912	Cisco IOS XR Multiple ntpd Vulnerabilities	Nessus	CISCO	high
81911	Cisco NX-OS Multiple ntpd Vulnerabilities	Nessus	CISCO	high
81557	F5 Networks BIG-IP : NTP vulnerability (SOL15936)	Nessus	F5 Networks Local Security Checks	high
81275	AIX 7.1 TL 3 : ntp (IV68430)	Nessus	AIX Local Security Checks	high
81274	AIX 7.1 TL 2 : ntp (IV68429)	Nessus	AIX Local Security Checks	high
81273	AIX 6.1 TL 9 : ntp (IV68428)	Nessus	AIX Local Security Checks	high
81272	AIX 5.3 TL 12 : ntp (IV68427)	Nessus	AIX Local Security Checks	high
81271	AIX 6.1 TL 8 : ntp (IV68426)	Nessus	AIX Local Security Checks	high
81071	RHEL 6 : ntp (RHSA-2015:0104)	Nessus	Red Hat Local Security Checks	high
80934	Oracle Solaris Third-Party Patch Update : ntp (multiple_vulnerabilities_in_ntp)	Nessus	Solaris Local Security Checks	high
80395	OracleVM 2.2 : ntp (OVMSA-2015-0002)	Nessus	OracleVM Local Security Checks	high
80394	OracleVM 3.2 : ntp (OVMSA-2015-0001)	Nessus	OracleVM Local Security Checks	high
80384	Mandriva Linux Security Advisory : ntp (MDVSA-2015:003)	Nessus	Mandriva Local Security Checks	high
80310	Fedora 19 : ntp-4.2.6p5-13.fc19 (2014-17395)	Nessus	Fedora Local Security Checks	high
80248	OracleVM 3.3 : ntp (OVMSA-2014-0085)	Nessus	OracleVM Local Security Checks	high
80239	GLSA-201412-34 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
80237	Fedora 21 : ntp-4.2.6p5-25.fc21 (2014-17367)	Nessus	Fedora Local Security Checks	high
80227	APPLE-SA-2014-12-22-1 OS X NTP Security Update (Mac OS X)	Nessus	MacOS X Local Security Checks	high
80218	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2449-1)	Nessus	Ubuntu Local Security Checks	high
80217	SuSE 11.3 Security Update : ntp (SAT Patch Number 10117)	Nessus	SuSE Local Security Checks	high
80208	Debian DSA-3108-1 : ntp - security update	Nessus	Debian Local Security Checks	high
80204	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2014-356-01)	Nessus	Slackware Local Security Checks	high
80164	Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
80163	Scientific Linux Security Update : ntp on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
80161	RHEL 5 : ntp (RHSA-2014:2025)	Nessus	Red Hat Local Security Checks	high
80160	RHEL 6 / 7 : ntp (RHSA-2014:2024)	Nessus	Red Hat Local Security Checks	high
80155	Oracle Linux 5 : ntp (ELSA-2014-2025)	Nessus	Oracle Linux Local Security Checks	high
80154	Oracle Linux 6 / 7 : ntp (ELSA-2014-2024)	Nessus	Oracle Linux Local Security Checks	high
80151	openSUSE Security Update : ntp (openSUSE-SU-2014:1670-1)	Nessus	SuSE Local Security Checks	high
80149	FreeBSD : ntp -- multiple vulnerabilities (4033d826-87dd-11e4-9079-3c970e169bc2)	Nessus	FreeBSD Local Security Checks	high
80147	Fedora 20 : ntp-4.2.6p5-19.fc20 (2014-17361)	Nessus	Fedora Local Security Checks	high
80125	CentOS 5 : ntp (CESA-2014:2025)	Nessus	CentOS Local Security Checks	high
80124	CentOS 6 / 7 : ntp (CESA-2014:2024)	Nessus	CentOS Local Security Checks	high
80122	Amazon Linux AMI : ntp (ALAS-2014-462)	Nessus	Amazon Linux Local Security Checks	high