5.8

CVE-2014-9750

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version >= 4.2.0 < 4.2.8
NtpNtp Version4.2.8 Update-
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OracleLinux Version7 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.14% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://www.kb.cert.org/vuls/id/852879
Third Party Advisory
US Government Resource
http://rhn.redhat.com/errata/RHSA-2015-1459.html
Third Party Advisory
http://bugs.ntp.org/show_bug.cgi?id=2671
Patch
Vendor Advisory
Issue Tracking
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
Vendor Advisory
Release Notes
http://www.debian.org/security/2015/dsa-3388
Third Party Advisory
http://www.securityfocus.com/bid/72583
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1184573
Patch
Third Party Advisory
Issue Tracking
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
Third Party Advisory