Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DLA-149-1
HistoryFeb 07, 2015 - 12:00 a.m.

ntp - security update

2015-02-0700:00:00
Google
osv.dev
14

0.002 Low

EPSS

Percentile

58.9%

JSON

Several vulnerabilities were discovered in the ntp package, an
implementation of the Network Time Protocol. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2014-9297
    Stephen Roettger of the Google Security Team, Sebastian Krahmer of
    the SUSE Security Team and Harlan Stenn of Network Time Foundation
    discovered that the length value in extension fields is not properly
    validated in several code paths in ntp_crypto.c, which could lead to
    information leakage or denial of service (ntpd crash).
  • CVE-2014-9298
    Stephen Roettger of the Google Security Team reported that ACLs
    based on IPv6 ::1 addresses can be bypassed.

For Debian 6 Squeeze, these issues have been fixed in ntp version 1:4.2.6.p2+dfsg-1+deb6u2

CPENameOperatorVersion
ntpeq1:4.2.6.p2+dfsg-1

Related

nessus 29
ibm 12
ubuntu 1
openvas 22
debian 5
archlinux 1
amazon 1
mageia 1
securityvulns 5
suse 5
veracode 6
fedora 4
oraclelinux 2
cvelist 2
cert 1
cisco 1
ics 2
redhat 2
centos 2
f5 3
ubuntucve 5
aix 1
cve 2
nvd 2
prion 2
freebsd_advisory 1
nessus
nessus
Ubuntu 14.04 LTS : NTP vulnerabilities (USN-2497-1)
2015-02-10 00:00:00
Fedora 20 : ntp-4.2.6p5-20.fc20 (2015-1759)
2015-02-16 00:00:00
Debian DLA-149-1 : ntp security update
2015-03-26 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in NTP Affect Power Hardware Management Console (CVE-2014-9297, CVE-2014-9298)
2021-09-23 01:31:39
Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM) (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298)
2019-01-31 01:45:01
Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities
2018-06-16 21:38:59
ubuntu
ubuntu
NTP vulnerabilities
2015-02-09 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-496)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2015-0063)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-2497-1)
2015-02-10 00:00:00
debian
debian
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
[SECURITY] [DLA 149-1] ntp security update
2015-02-07 15:26:18
archlinux
archlinux
ntp: multiple issues
2015-02-06 00:00:00
amazon
amazon
Medium: ntp
2015-03-23 08:31:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-02-11 23:47:51
securityvulns
securityvulns
[USN-2497-1] NTP vulnerabilities
2015-02-11 00:00:00
ntpd multiple security vulnerabilities
2015-02-11 00:00:00
FreeBSD Security Advisory FreeBSD-SA-15:07.ntp
2015-04-08 00:00:00
suse
suse
Security update for ntp (important)
2015-02-13 19:04:50
Security update for ntp (important)
2015-02-16 19:05:42
Security update for ntp (important)
2015-02-12 21:04:54
veracode
veracode
Insufficient Entropy In Key Generation Algorithm
2019-05-02 05:41:08
Man-in-the-Middle (MitM)
2019-05-02 05:41:08
Man-In-The-Middle (MitM)
2019-05-02 05:41:08
fedora
fedora
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-27.fc21
2015-02-15 03:25:41
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-20.fc20
2015-02-15 03:17:24
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20
2015-04-22 22:55:51
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-07-28 00:00:00
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
cvelist
cvelist
CVE-2014-9297
2015-10-04 20:00:00
CVE-2014-9298
2015-10-04 20:00:00
cert
cert
NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)
2014-12-19 00:00:00
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
2014-12-22 16:00:00
ics
ics
Network Time Protocol Vulnerabilities (Update C)
2018-08-29 12:00:00
Network Time Protocol Vulnerabilities (Update B)
2018-09-10 12:00:00
redhat
redhat
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
centos
centos
ntp, ntpdate security update
2015-07-26 14:13:05
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
f5
f5
K16393 : NTP vulnerability CVE-2014-9751
2015-11-07 00:00:00
K16392 : NTP vulnerability CVE-2014-9750
2015-11-07 00:00:00
SOL16392 - NTP vulnerability CVE-2014-9750
2015-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2014-9751
2015-10-06 00:00:00
CVE-2014-9750
2015-10-06 00:00:00
CVE-2015-7691
2015-10-22 00:00:00
aix
aix
Vulnerabilities in NTPv4 affect AIX,Vulnerabilities in NTPv4 affect VIOS
2015-06-29 10:00:16
cve
cve
CVE-2014-9298
2015-10-06 01:59:00
CVE-2014-9297
2015-10-06 01:59:00
nvd
nvd
CVE-2014-9298
2015-10-06 01:59:00
CVE-2014-9297
2015-10-06 01:59:00
prion
prion
Design/Logic Flaw
2015-10-06 01:59:00
Design/Logic Flaw
2015-10-06 01:59:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:07.ntp
2015-04-07 00:00:00

0.002 Low

EPSS

Percentile

58.9%

JSON
Related for OSV:DLA-149-1
nessus29ibm12ubuntu1openvas22debian5archlinux1amazon1mageia1securityvulns5suse5veracode6fedora4oraclelinux2cvelist2cert1cisco1ics2redhat2centos2f53ubuntucve5aix1cve2nvd2prion2freebsd_advisory1