Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3154-2
HistoryFeb 05, 2015 - 12:00 a.m.

ntp - incomplete fix

2015-02-0500:00:00
Google
osv.dev
8

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Several vulnerabilities were discovered in the ntp package, an
implementation of the Network Time Protocol. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2014-9750
    Stephen Roettger of the Google Security Team, Sebastian Krahmer of
    the SUSE Security Team and Harlan Stenn of Network Time Foundation
    discovered that the length value in extension fields is not properly
    validated in several code paths in ntp_crypto.c, which could lead to
    information leakage or denial of service (ntpd crash).
  • CVE-2014-9751
    Stephen Roettger of the Google Security Team reported that ACLs
    based on IPv6 ::1 addresses can be bypassed.

For the stable distribution (wheezy), these problems have been fixed in
version 1:4.2.6.p5+dfsg-2+deb7u2.

For the unstable distribution (sid), these problems have been fixed in
version 1:4.2.6.p5+dfsg-4.

We recommend that you upgrade your ntp packages.

Related

osv 3
ibm 4
nessus 26
openvas 16
cve 7
prion 7
f5 5
debiancve 5
veracode 5
centos 4
redhat 4
ubuntucve 5
oraclelinux 1
debian 2
amazon 1
freebsd_advisory 1
slackware 1
osv
osv
ntp - security update
2015-02-05 00:00:00
ntp - security update
2015-11-01 00:00:00
ntp - security update
2015-10-28 00:00:00
ibm
ibm
Security Bulletin: IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751)
2018-06-18 01:30:30
Security Bulletin: Multiple Security Vulnerabilities affecting IBM Netezza Host Management
2019-10-18 03:10:29
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter
2023-04-14 14:32:25
nessus
nessus
Debian DSA-3154-1 : ntp - security update
2015-02-06 00:00:00
CentOS 7 : ntp (CESA-2015:2231)
2015-12-02 00:00:00
RHEL 6 : ntp (RHSA-2015:1459)
2015-07-23 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3154-2)
2015-02-04 00:00:00
NTP.org 'ntpd' Multiple Vulnerabilities
2017-01-05 00:00:00
Debian: Security Advisory (DLA-149-1)
2023-03-08 00:00:00
cve
cve
CVE-2014-9298
2015-10-06 01:59:00
CVE-2014-9297
2015-10-06 01:59:00
CVE-2014-9751
2015-10-06 01:59:00
prion
prion
Design/Logic Flaw
2015-10-06 01:59:00
Design/Logic Flaw
2015-10-06 01:59:00
Authentication flaw
2015-10-06 01:59:00
f5
f5
SOL16393 - NTP vulnerability CVE-2014-9751
2015-04-09 00:00:00
K16393 : NTP vulnerability CVE-2014-9751
2015-11-07 00:00:00
K16392 : NTP vulnerability CVE-2014-9750
2015-11-07 00:00:00
debiancve
debiancve
CVE-2014-9751
2015-10-06 01:59:00
CVE-2014-9750
2015-10-06 01:59:00
CVE-2015-7702
2017-08-07 20:29:00
veracode
veracode
Sensitive Information Leak
2019-05-02 05:41:07
Denial Of Service (DoS)
2019-05-02 05:29:36
Denial Of Service (DoS)
2019-05-02 05:29:36
centos
centos
ntp, ntpdate security update
2015-07-26 14:13:05
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
ntp, ntpdate security update
2016-05-16 10:19:19
redhat
redhat
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2016:0780) Moderate: ntp security and bug fix update
2016-05-10 06:42:20
ubuntucve
ubuntucve
CVE-2014-9751
2015-10-06 00:00:00
CVE-2014-9750
2015-10-06 00:00:00
CVE-2015-7691
2015-10-22 00:00:00
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
debian
debian
[SECURITY] [DSA 3388-1] ntp security update
2015-11-01 22:20:55
[SECURITY] [DLA 335-1] ntp security update
2015-10-28 20:45:05
amazon
amazon
Important: ntp
2015-10-27 16:42:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:25.ntp
2015-10-26 00:00:00
slackware
slackware
[slackware-security] ntp
2015-10-29 22:49:05

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-3154-2
osv3ibm4nessus26openvas16cve7prion7f55debiancve5veracode5centos4redhat4ubuntucve5oraclelinux1debian2amazon1freebsd_advisory1slackware1