CVE-2014-9295 in NTP Daemoninfo

Summary

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Reservation

12/05/2014

Disclosure

12/19/2014

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
68454	NTP Daemon configure memory corruption	119	Not defined	Official fix	CVE-2014-9295
68453	NTP Daemon ctl_putdata memory corruption	119	Not defined	Official fix	CVE-2014-9295
68452	NTP Daemon crypto_recv memory corruption	119	Unproven	Official fix	CVE-2014-9295

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!