5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
ntp is vulnerable to sensitive information disclosure. It is possible due to missing validation of vallen value in ntp_crypto.c
when the decryption of a secret received from an NTP server is performed, leading to a stack-based buffer overflow and crashing the NTP client.
CPE | Name | Operator | Version |
---|---|---|---|
ntp | eq | 4.2.4p8__2.el6 | |
ntp | eq | 4.2.6p5__1.el6 | |
ntp | eq | 4.2.4p8__3.el6 | |
ntp | eq | 4.2.6p5__2.el6_5 | |
ntp | eq | 4.2.6p5__2.el6_6 | |
ntp | eq | 4.2.6p5__3.el6_6 |
bugs.ntp.org/show_bug.cgi?id=2671
rhn.redhat.com/errata/RHSA-2015-1459.html
support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
www.debian.org/security/2015/dsa-3388
www.kb.cert.org/vuls/id/852879
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/72583
access.redhat.com/security/cve/CVE-2014-9750
access.redhat.com/security/cve/CVE-2014-9751
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1045376
bugzilla.redhat.com/show_bug.cgi?id=1117704
bugzilla.redhat.com/show_bug.cgi?id=1122015
bugzilla.redhat.com/show_bug.cgi?id=1165141
bugzilla.redhat.com/show_bug.cgi?id=1166596
bugzilla.redhat.com/show_bug.cgi?id=1171630
bugzilla.redhat.com/show_bug.cgi?id=1184573
bugzilla.redhat.com/show_bug.cgi?id=1190619
bugzilla.redhat.com/show_bug.cgi?id=1193849
bugzilla.redhat.com/show_bug.cgi?id=1193850
bugzilla.redhat.com/show_bug.cgi?id=995134
rhn.redhat.com/errata/RHSA-2015-1459.html
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us