Lucene search

Veracode Vulnerability DatabaseVERACODE:17390

HistoryMay 02, 2019 - 5:41 a.m.

Sensitive Information Leak

2019-05-0205:41:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.01 Low

EPSS

Percentile

83.4%

JSON

ntp is vulnerable to sensitive information disclosure. It is possible due to missing validation of vallen value in ntp_crypto.c when the decryption of a secret received from an NTP server is performed, leading to a stack-based buffer overflow and crashing the NTP client.

CPENameOperatorVersion
ntpeq4.2.4p8__2.el6
ntpeq4.2.6p5__1.el6
ntpeq4.2.4p8__3.el6
ntpeq4.2.6p5__2.el6_5
ntpeq4.2.6p5__2.el6_6
ntpeq4.2.6p5__3.el6_6

Name	Operator	Version
ntp	eq	4.2.4p8__2.el6
ntp	eq	4.2.6p5__1.el6
ntp	eq	4.2.4p8__3.el6
ntp	eq	4.2.6p5__2.el6_5
ntp	eq	4.2.6p5__2.el6_6
ntp	eq	4.2.6p5__3.el6_6

References

bugs.ntp.org/show_bug.cgi?id=2671

rhn.redhat.com/errata/RHSA-2015-1459.html

support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

www.debian.org/security/2015/dsa-3388

www.kb.cert.org/vuls/id/852879

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/72583

access.redhat.com/security/cve/CVE-2014-9750

access.redhat.com/security/cve/CVE-2014-9751

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1045376

bugzilla.redhat.com/show_bug.cgi?id=1117704

bugzilla.redhat.com/show_bug.cgi?id=1122015

bugzilla.redhat.com/show_bug.cgi?id=1165141

bugzilla.redhat.com/show_bug.cgi?id=1166596

bugzilla.redhat.com/show_bug.cgi?id=1171630

bugzilla.redhat.com/show_bug.cgi?id=1184573

bugzilla.redhat.com/show_bug.cgi?id=1190619

bugzilla.redhat.com/show_bug.cgi?id=1193849

bugzilla.redhat.com/show_bug.cgi?id=1193850

bugzilla.redhat.com/show_bug.cgi?id=995134

rhn.redhat.com/errata/RHSA-2015-1459.html

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for VERACODE:17390