Denial Of Service (DoS)

2019-05-0205:29:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.015 Low

EPSS

Percentile

87.1%

JSON

ntp is vulnerable to denial of service. An incomplete fix for CVE-2014-9750 resulted in improper value length checks in ntp_crypto.c. A packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.

CPENameOperatorVersion
ntpeq4.2.6p5__1.el6
ntpeq4.2.4p8__3.el6
ntpeq4.2.6p5__2.el6_5
ntpeq4.2.6p5__2.el6_6
ntpeq4.2.6p5__5.el6
ntpeq4.2.4p8__2.el6
ntpeq4.2.6p5__5.el6_7.2
ntpeq4.2.6p5__5.el6_7.4
ntpeq4.2.6p5__3.el6_6

Name	Operator	Version
ntp	eq	4.2.6p5__1.el6
ntp	eq	4.2.4p8__3.el6
ntp	eq	4.2.6p5__2.el6_5
ntp	eq	4.2.6p5__2.el6_6
ntp	eq	4.2.6p5__5.el6
ntp	eq	4.2.4p8__2.el6
ntp	eq	4.2.6p5__5.el6_7.2
ntp	eq	4.2.6p5__5.el6_7.4
ntp	eq	4.2.6p5__3.el6_6