CVE-2014-9295

Exploit

EPSS 59.05%
Published 20.12.2014 02:59:02
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 31

Data is provided by the National Vulnerability Database (NVD)

Ntp ≫ Ntp Version <= 4.2.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	59.05%	0.981

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://marc.info/?l=bugtraq&m=144182594518755&w=2

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

http://advisories.mageia.org/MGASA-2014-0541.html

http://marc.info/?l=bugtraq&m=142469153211996&w=2

http://marc.info/?l=bugtraq&m=142590659431171&w=2

http://marc.info/?l=bugtraq&m=142853370924302&w=2

http://rhn.redhat.com/errata/RHSA-2014-2025.html

http://rhn.redhat.com/errata/RHSA-2015-0104.html

http://secunia.com/advisories/62209

http://support.ntp.org/bin/view/Main/SecurityNotice