CVE-2014-9296 in Communications Policy Managementinfo

Summary

The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

12/05/2014

Disclosure

12/19/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
92853	Oracle Communications Policy Management NTP code	17	Not defined	Official fix	CVE-2014-9296
68455	NTP Daemon ntp_proto.c receive code	17	Unproven	Official fix	CVE-2014-9296

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!