7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.966 High
EPSS
Percentile
99.4%
The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd’s crypto_recv(),
ctl_putdata(), and configure() functions. A remote attacker could use
either of these flaws to send a specially crafted request packet that could
crash ntpd or, potentially, execute arbitrary code with the privileges of
the ntp user. Note: the crypto_recv() flaw requires non-default
configurations to be active, while the ctl_putdata() flaw, by default, can
only be exploited via local attackers, and the configure() flaw requires
additional authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its internal
use if no ntpdc request authentication key was specified in the ntp.conf
configuration file. A remote attacker able to match the configured IP
restrictions could guess the generated key, and possibly use it to send
ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5 keys.
This could possibly allow an attacker to guess generated MD5 keys that
could then be used to spoof an NTP client or server. Note: it is
recommended to regenerate any MD5 keys that had explicitly been generated
with ntp-keygen; the default installation does not contain such keys.
(CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP’s authentication mechanism.
(CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc64 | ntp-perl | < 4.2.6p5-2.el6_5 | ntp-perl-4.2.6p5-2.el6_5.ppc64.rpm |
RedHat | 6 | i686 | ntpdate | < 4.2.6p5-2.el6_5 | ntpdate-4.2.6p5-2.el6_5.i686.rpm |
RedHat | 6 | i686 | ntp | < 4.2.6p5-2.el6_5 | ntp-4.2.6p5-2.el6_5.i686.rpm |
RedHat | 6 | s390x | ntpdate | < 4.2.6p5-2.el6_5 | ntpdate-4.2.6p5-2.el6_5.s390x.rpm |
RedHat | 6 | x86_64 | ntp-debuginfo | < 4.2.6p5-2.el6_5 | ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm |
RedHat | 6 | x86_64 | ntp-perl | < 4.2.6p5-2.el6_5 | ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm |
RedHat | 6 | s390x | ntp-perl | < 4.2.6p5-2.el6_5 | ntp-perl-4.2.6p5-2.el6_5.s390x.rpm |
RedHat | 6 | ppc64 | ntpdate | < 4.2.6p5-2.el6_5 | ntpdate-4.2.6p5-2.el6_5.ppc64.rpm |
RedHat | 6 | s390x | ntp | < 4.2.6p5-2.el6_5 | ntp-4.2.6p5-2.el6_5.s390x.rpm |
RedHat | 6 | x86_64 | ntp | < 4.2.6p5-2.el6_5 | ntp-4.2.6p5-2.el6_5.x86_64.rpm |