2 matches found
DEBIAN-CVE-2014-9750
ntpcrypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service daemon crash via a packet containing an extension field with an invalid value for the length of its value...
USN-2497-1 ntp vulnerabilities
Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. CVE-2014-9297 Steph...