CVE-2014-9295: Buffer Overflow
First published: Fri Dec 19 2014(Updated: )
As per upstream NTP security advisory, multiple buffer overflows were reported in ntp daemon, details provided below * Buffer overflow in crypto_recv() When Autokey Authentication is enabled (i.e. the ntp.conf file contains a 'crypto pw ...' directive) a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. This vulnerability was discovered by Stephen Roettger of the Google Security Team. Mitigation: Disable Autokey Authentication by removing, or commenting out, all configuration directives beginning with the crypto keyword in your ntp.conf file. * Buffer overflow in ctl_putdata() A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. This vulnerability was discovered by Stephen Roettger of the Google Security Team. * Buffer overflow in configure() A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. This vulnerability was discovered by Stephen Roettger of the Google Security Team.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ntp | <4.2.8 | 4.2.8 |
| NTP ntp | <=4.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0541.html
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g
- http://bugs.ntp.org/show_bug.cgi?id=2667
- http://bugs.ntp.org/show_bug.cgi?id=2668
- http://bugs.ntp.org/show_bug.cgi?id=2669
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
- http://marc.info/?l=bugtraq&m=142469153211996&w=2
- http://marc.info/?l=bugtraq&m=142590659431171&w=2
- http://marc.info/?l=bugtraq&m=142853370924302&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://rhn.redhat.com/errata/RHSA-2014-2025.html
- http://rhn.redhat.com/errata/RHSA-2015-0104.html
- http://secunia.com/advisories/62209
- http://support.ntp.org/bin/view/Main/SecurityNotice
- http://www.kb.cert.org/vuls/id/852879
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/71761
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm
- https://bugzilla.redhat.com/show_bug.cgi?id=1176037
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10103
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
- https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1176037#c0
- http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=5493dc3dofY6drKJde9W-5O1M3s4eg
- https://access.redhat.com/articles/1305723
- http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_crypto_recv
- https://access.redhat.com/security/cve/CVE-2014-9295
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1176191
- https://rhn.redhat.com/errata/RHSA-2014-2025.html
- https://rhn.redhat.com/errata/RHSA-2014-2024.html
- http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html
- https://rhn.redhat.com/errata/RHSA-2015-0104.html
Frequently Asked Questions
What is the severity of CVE-2014-9295?
CVE-2014-9295 has been classified with a high severity due to its potential for remote code execution through buffer overflows.
How do I fix CVE-2014-9295?
To fix CVE-2014-9295, update the NTP daemon to version 4.2.8 or later where the vulnerabilities have been addressed.
What systems are affected by CVE-2014-9295?
CVE-2014-9295 affects NTP versions up to and including 4.2.7, and specifically instances where Autokey Authentication is enabled.
Can CVE-2014-9295 be exploited remotely?
Yes, CVE-2014-9295 can be exploited remotely by attackers who can send specially crafted packets to the vulnerable NTP daemon.
What types of attacks are possible with CVE-2014-9295?
Exploitation of CVE-2014-9295 can lead to buffer overflows that may result in remote code execution or denial of service.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-9295
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.7
- package-manager/redhat