ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication
is enabled, allows remote attackers to obtain sensitive information from
process memory or cause a denial of service (daemon crash) via a packet
containing an extension field with an invalid value for the length of its
value field.

Bugs

<http://bugs.ntp.org/show_bug.cgi?id=2671>
<https://bugzilla.redhat.com/show_bug.cgi?id=1184573>

Notes

Author	Note
sbeattie	autokey auth is not configured on by default
mdeslaur	this used to be known as CVE-2014-9297, patches were released in USN-2497-1

References

support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

www.kb.cert.org/vuls/id/852879

launchpad.net/bugs/cve/CVE-2014-9750

nvd.nist.gov/vuln/detail/CVE-2014-9750

security-tracker.debian.org/tracker/CVE-2014-9750

www.cve.org/CVERecord?id=CVE-2014-9750

nessus 42

f5 3

ubuntucve 3

nvd 6

cve 6

prion 6

openvas 34

ibm 14

debiancve 4

veracode 10

debian 7

cvelist 5

redhat 4

osv 5

centos 4

ubuntu 1

archlinux 1

amazon 2

aix 1

securityvulns 3

mageia 1

oraclelinux 2

freebsd_advisory 2

suse 5

fedora 4

cert 1

cisco 1

ics 2

slackware 1

nessus

F5 Networks BIG-IP : NTP vulnerability (SOL16392)

2015-09-16 00:00:00

Network Time Protocol Daemon (ntpd) Information Disclosure

2015-06-19 00:00:00

Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)

2015-12-22 00:00:00

K16392 : NTP vulnerability CVE-2014-9750

2015-11-07 00:00:00

SOL16392 - NTP vulnerability CVE-2014-9750

2015-04-09 00:00:00

K17530 : NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702

2015-11-05 00:00:00

ubuntucve

CVE-2015-7691

2015-10-22 00:00:00

CVE-2015-7702

2015-10-22 00:00:00

CVE-2015-7692

2015-10-22 00:00:00

nvd

CVE-2014-9297

2015-10-06 01:59:00

CVE-2014-9750

2015-10-06 01:59:00

CVE-2015-7691

2017-08-07 20:29:00

cve

CVE-2014-9297

2015-10-06 01:59:00

CVE-2014-9750

2015-10-06 01:59:00

CVE-2015-7702

2017-08-07 20:29:00

prion

Design/Logic Flaw

2015-10-06 01:59:00

Authentication flaw

2015-10-06 01:59:00

Code injection

2017-08-07 20:29:00

openvas

Debian: Security Advisory (DLA-149-1)

2023-03-08 00:00:00

RedHat Update for ntp RHSA-2015:2231-04

2015-11-20 00:00:00

Ubuntu: Security Advisory (USN-2497-1)

2015-02-10 00:00:00

ibm

Security Bulletin: Multiple Security Vulnerabilities affecting IBM Netezza Host Management

2019-10-18 03:10:29

Security Bulletin: Vulnerabilities in NTP Affect Power Hardware Management Console (CVE-2014-9297, CVE-2014-9298)

2021-09-23 01:31:39

Security Bulletin: IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751)

2018-06-18 01:30:30

debiancve

CVE-2014-9750

2015-10-06 01:59:00

CVE-2015-7702

2017-08-07 20:29:00

CVE-2015-7692

2017-08-07 20:29:00

veracode

Denial Of Service (DoS)

2019-01-15 09:06:43

Sensitive Information Leak

2019-05-02 05:41:07

Denial Of Service (DoS)

2019-05-02 05:29:36

debian

[SECURITY] [DSA 3154-2] ntp security update

2015-02-07 14:36:25

[SECURITY] [DSA 3154-2] ntp security update

2015-02-07 14:36:25

[SECURITY] [DSA 3154-1] ntp security update

2015-02-05 21:13:52

cvelist

CVE-2014-9297

2015-10-04 20:00:00

CVE-2014-9750

2015-10-04 20:00:00

CVE-2015-7691

2017-08-07 20:00:00

redhat

(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update

2015-11-19 14:42:12

(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update

2015-07-22 00:00:00

(RHSA-2016:0780) Moderate: ntp security and bug fix update

2016-05-10 06:42:20

osv

ntp - security update

2015-02-05 00:00:00

ntp - incomplete fix

2015-02-05 00:00:00

ntp - security update

2015-02-07 00:00:00

centos

ntp, ntpdate security update

2015-07-26 14:13:05

ntp, ntpdate, sntp security update

2015-11-30 19:45:44

ntp, ntpdate security update

2016-05-16 10:19:19

ubuntu

NTP vulnerabilities

2015-02-09 00:00:00

archlinux

ntp: multiple issues

2015-02-06 00:00:00

amazon

Medium: ntp

2015-03-23 08:31:00

Important: ntp

2015-10-27 16:42:00

aix

Vulnerabilities in NTPv4 affect AIX,Vulnerabilities in NTPv4 affect VIOS

2015-06-29 10:00:16

securityvulns

[USN-2497-1] NTP vulnerabilities

2015-02-11 00:00:00

FreeBSD Security Advisory FreeBSD-SA-15:07.ntp

2015-04-08 00:00:00

ntpd multiple security vulnerabilities

2015-02-11 00:00:00

mageia

Updated ntp packages fix security vulnerabilities

2015-02-11 23:47:51

oraclelinux

ntp security, bug fix, and enhancement update

2015-11-23 00:00:00

ntp security, bug fix, and enhancement update

2015-07-28 00:00:00

freebsd_advisory

FreeBSD-SA-15:07.ntp

2015-04-07 00:00:00

FreeBSD-SA-15:25.ntp

2015-10-26 00:00:00

suse

Security update for xntp (important)

2015-02-19 01:05:02

Security update for ntp (important)

2015-02-16 19:05:42

Security update for ntp (important)

2015-02-13 19:04:50

fedora

[SECURITY] Fedora 20 Update: ntp-4.2.6p5-20.fc20

2015-02-15 03:17:24

[SECURITY] Fedora 21 Update: ntp-4.2.6p5-27.fc21

2015-02-15 03:25:41

[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20

2015-04-22 22:55:51

cert

NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)

2014-12-19 00:00:00

cisco

Multiple Vulnerabilities in ntpd Affecting Cisco Products

2014-12-22 16:00:00

ics

Network Time Protocol Vulnerabilities (Update B)

2018-09-10 12:00:00

Network Time Protocol Vulnerabilities (Update C)

2018-08-29 12:00:00

slackware

[slackware-security] ntp

2015-10-29 22:49:05

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for UB:CVE-2014-9750