CVE 2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Related bugs and status
CVE-2014-9293 (Candidate) is related to these bugs:
Bug #1404648: security issues in ntp
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1404648 | security issues in ntp | ntp (Ubuntu) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Precise) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Lucid) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Utopic) | Medium | Fix Released | ||
1404648 | security issues in ntp | ntp (Ubuntu Trusty) | Medium | Fix Released |
Bug #1479652: [patch] ntpd rejects source UDP ports less than 123 as bogus
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | NTP | High | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Debian) | Unknown | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Wily) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Precise) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Xenial) | Medium | Fix Released | ||
1479652 | [patch] ntpd rejects source UDP ports less than 123 as bogus | ntp (Ubuntu Trusty) | Medium | Fix Released |
Bug #1512980: Please enable PPS in the Ubuntu build of ntpd
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1512980 | Please enable PPS in the Ubuntu build of ntpd | ntp (Ubuntu) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.