Authentication flaw

2015-10-0601:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.01 Low

EPSS

Percentile

82.9%

JSON

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq7.0
debian_linuxeq9.0
ntpeq4.2.8
ntpge4.2.0
ntplt4.2.8
linuxeq7
enterprise_linux_desktopeq6.0
enterprise_linux_servereq6.0
enterprise_linux_workstationeq6.0

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	7.0
debian_linux	eq	9.0
ntp	eq	4.2.8
ntp	ge	4.2.0
ntp	lt	4.2.8
linux	eq	7
enterprise_linux_desktop	eq	6.0
enterprise_linux_server	eq	6.0
enterprise_linux_workstation	eq	6.0