CVE 2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Related bugs and status
CVE-2014-9295 (Candidate) is related to these bugs:
Bug #1404648: security issues in ntp
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1404648 | security issues in ntp | ntp (Ubuntu) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Precise) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Lucid) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Utopic) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Trusty) | Medium | Fix Released |
Bug #1479652: [patch] ntpd rejects source UDP ports less than 123 as bogus
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | NTP | High | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Debian) | Unknown | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Wily) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Precise) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Xenial) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Trusty) | Medium | Fix Released |
Bug #1512980: Please enable PPS in the Ubuntu build of ntpd
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1512980 | Please enable PPS in the Ubuntu build of ntpd | ntp (Ubuntu) | Undecided | Fix Released |
Bug #1576993: ntpd needs updating.
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1576993 | ntpd needs updating. | Raspbian | Undecided | Invalid |
See the
CVE page on Mitre.org
for more details.