14 matches found
K16392: NTP vulnerability CVE-2014-9750
Security Advisory Description: The vallen packet value is not validated in several code paths in ntp_crypto.c which can lead to information leakage or a possible crash of ntpd. CVE-2014-9750 Note: The original candidate number referenced in this article, CVE-2014-9297, was rejected because it was...
SUSE CVE-2014-9750
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value...
ntp: slow memory leak in CRYPTO_ASSOC
A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory...
ntp: slow memory leak in CRYPTO_ASSOC
A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory...
[SECURITY] [DSA 3388-1] ntp security update
Debian Security Advisory DSA-3388-1 [email protected] https://www.debian.org/security/ Kurt Roeckx November 01, 2015 https://www.debian.org/security/faq -...
DEBIAN-CVE-2014-9750
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value...
CVE-2014-9750
CVE-2014-9750 concerns ntpd with Autokey authentication. The root cause is an error in ntp_crypto.c where a packet extension field’s length value is not properly validated, allowing a remote attacker to either leak sensitive information from ntpd’s process memory or crash the daemon via a malform...
SOL16392 - NTP vulnerability CVE-2014-9750
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function...
DEBIAN-CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function...
Stack overflow
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function...
NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)
Overview: The NTP Project ntpd version 4.2.7 and previous versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client...
UBUNTU-CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function...
Network Time Protocol Daemon (ntpd) 4.x < 4.2.4p7 / 4.x < 4.2.5p74 crypto_recv() Function RCE
The version of the remote NTP server is 4.x prior to 4.2.4p7 or 4.x prior to 4.2.5p74. It is, therefore, affected by a stack-based buffer overflow condition due to the use of sprintf in the crypto_recv function in ntpd/ntp_crypto.c. An unauthenticated, remote attacker can exploit this to cause a...