CVE-2014-9750

Published: Oct 6, 2015Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

Affected (9)

Products: Ntp: Ntp · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Debian: Debian Linux · +1 more

Show all products

Ntp: Ntp · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Debian: Debian Linux · Oracle: Linux

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ntp Ntp	From 4.2.0 to 4.2.8
Ntp Ntp	Version 4.2.8

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 7

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://bugs.ntp.org/show_bug.cgi?id=2671

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1459.html

Source: cve@mitre.org

Third Party Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.debian.org/security/2015/dsa-3388

Source: cve@mitre.org

Third Party Advisory

http://www.kb.cert.org/vuls/id/852879

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/72583

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1184573

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Source: cve@mitre.org

Third Party Advisory

http://bugs.ntp.org/show_bug.cgi?id=2671

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1459.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.debian.org/security/2015/dsa-3388

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kb.cert.org/vuls/id/852879

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/72583

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1184573

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.