QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9750

Published: Oct 4, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_CERT-VN

http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1184573

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

http://bugs.ntp.org/show_bug.cgi?id=2671

x_refsource_CONFIRM

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.