| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.12 |
Summary
A vulnerability identified as problematic has been detected in NTP Daemon up to 4.2.7. This affects the function receive of the file ntp_proto.c. This manipulation causes denial of service.
This vulnerability is registered as CVE-2014-9296. No exploit is available.
You should upgrade the affected component.
Details
A vulnerability classified as problematic was found in NTP Daemon up to 4.2.7 (Network Management Software). Affected by this vulnerability is the function receive of the file ntp_proto.c. The manipulation with an unknown input leads to a code vulnerability. The CWE definition for the vulnerability is CWE-17. As an impact it is known to affect availability. The summary by CVE is:
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
The weakness was published 11/03/2014 by Stephen Roettger with Google Security Team as Sec 2670 as confirmed bug report (Bug Tracker). It is possible to read the advisory at bugs.ntp.org. This vulnerability is known as CVE-2014-9296 since 12/05/2014. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. The advisory points out:
Code in ntp_proto.c:receive() is missing a return; in the code path where an error was detected, which meant processing did not stop when a specific rare error occurred. We haven't found a way for this bug to affect system integrity. If there is no way to affect system integrity the base CVSS score for this bug is 0. If there is one avenue through which system integrity can be partially affected, the base score becomes a 5. If system integrity can be partially affected via all three integrity metrics, the CVSS base score become 7.5.
The vulnerability scanner Nessus provides a plugin with the ID 80122 (Amazon Linux AMI : ntp (ALAS-2014-462)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Amazon Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 185097 (HP-UX Running NTP Multiple Vulnerabilities (HPSBUX03240)).
Upgrading to version 4.2.8 eliminates this vulnerability. A possible mitigation has been published 2 months after the disclosure of the vulnerability. The bug report contains the following remark:
or Remove or comment out all configuration directives beginning with the crypto keyword in your ntp.conf file.
The vulnerability is also documented in the databases at X-Force (99579), Tenable (80122), SecurityFocus (BID 71758†), Secunia (SA62209†) and SecurityTracker (ID 1031410†). Similar entries are available at VDB-68452, VDB-68453, VDB-68454 and VDB-68456. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.6
VulDB Base Score: 5.3
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: CodeCWE: CWE-17
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 80122
Nessus Name: Amazon Linux AMI : ntp (ALAS-2014-462)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 703108
OpenVAS Name: Debian Security Advisory DSA 3108-1 (ntp - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: NTP Daemon 4.2.8
Timeline
11/03/2014 🔍11/03/2014 🔍
12/05/2014 🔍
12/18/2014 🔍
12/19/2014 🔍
12/19/2014 🔍
12/20/2014 🔍
12/22/2014 🔍
12/22/2014 🔍
01/07/2015 🔍
01/13/2015 🔍
03/01/2022 🔍
Sources
Advisory: Sec 2670Researcher: Stephen Roettger
Organization: Google Security Team
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-9296 (🔍)
GCVE (CVE): GCVE-0-2014-9296
GCVE (VulDB): GCVE-100-68455
OVAL: 🔍
X-Force: 99579 - NTP receive denial of service, Medium Risk
SecurityFocus: 71758 - Network Time Protocol CVE-2014-9296 Unspecified Security Vulnerability
Secunia: 62209 - Cisco ACNS (Application and Content Networking System) NTP Multiple Buffer Overflow Vulner, Highly Critical
SecurityTracker: 1031410 - NTP Logic Error in the receive() Function in 'ntp_proto.c' May Let Remote Users Deny Service
Vulnerability Center: 47964 - NTP 4.x before 4.2.8 Remote DoS due to a Flaw in Ntp_proto.c, Medium
See also: 🔍
Entry
Created: 12/22/2014 08:29Updated: 03/01/2022 14:10
Changes: 12/22/2014 08:29 (89), 06/17/2017 07:42 (8), 03/01/2022 14:10 (3)
Complete: 🔍
Cache ID: 216:0E0:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.