The vallen packet value is not validated in several code paths in ntp_crypto.c which can lead to information leakage or a possible crash of ntpd. (CVE-2014-9750)
Note: The original candidate number referenced in this article, CVE-2014-9297, was rejected because it was associated with two different issues.
Impact
Successful exploitation of the NTPntp_crypto.cmay result in information disclosure.
Note: The BIG-IP system is vulnerable only if the Autokey Authentication feature is enabled through manual customizations to NTP configuration files.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.3.0 | |
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 12.0.0 | |
big-ip analytics | eq | 11.0.0 |