Your submission was sent successfully! Close

CVE-2014-9750

Published: 06 October 2015

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

Priority

Low

Status

Package Release Status
ntp
Launchpad, Ubuntu, Debian
Upstream
Released (1:4.2.6.p5+dfsg-5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Patches:
Upstream: https://github.com/ntp-project/ntp/commit/348fc9fa390c7894f589104fbca4d635868b7a45
Upstream: https://github.com/ntp-project/ntp/commit/158d5aa33f5ce3c10f99cdef364ce8e2cb05c4c5
Upstream: https://github.com/ntp-project/ntp/commit/5e08c9af76a5e4214bc8369ddf01ee0e86747b3a