Executive Summary

Informations
Name CVE-2014-9750 First vendor Publication 2015-10-05
Vendor Cve Last vendor Modification 2020-06-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Cvss Base Score 5.8 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 777
Os 3
Os 1
Os 1
Os 1
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-02-19 IAVM : 2015-A-0041 - Multiple Vulnerabilities in Network Time Protocol (NTP)
Severity : Category I - VMSKEY : V0058907

Nessus® Vulnerability Scanner

Date Description
2017-12-07 Name : The remote host is potentially affected by multiple NTP client vulnerabilities.
File : check_point_gaia_sk103825.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2016-1060.nasl - Type : ACT_GATHER_INFO
2016-12-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20161103_ntp_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-11-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-2583.nasl - Type : ACT_GATHER_INFO
2016-11-11 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-2583.nasl - Type : ACT_GATHER_INFO
2016-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2583.nasl - Type : ACT_GATHER_INFO
2016-06-09 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160510_ntp_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-05-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0780.nasl - Type : ACT_GATHER_INFO
2016-05-16 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0780.nasl - Type : ACT_GATHER_INFO
2016-05-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0780.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_ntp_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2231.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2231.nasl - Type : ACT_GATHER_INFO
2015-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2231.nasl - Type : ACT_GATHER_INFO
2015-11-06 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL17530.nasl - Type : ACT_GATHER_INFO
2015-11-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3388.nasl - Type : ACT_GATHER_INFO
2015-10-30 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-302-03.nasl - Type : ACT_GATHER_INFO
2015-10-29 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-607.nasl - Type : ACT_GATHER_INFO
2015-10-29 Name : The remote Debian host is missing a security update.
File : debian_DLA-335.nasl - Type : ACT_GATHER_INFO
2015-09-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16392.nasl - Type : ACT_GATHER_INFO
2015-07-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1459.nasl - Type : ACT_GATHER_INFO
2015-07-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1459.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1459.nasl - Type : ACT_GATHER_INFO
2015-05-28 Name : A network management system on the remote host is affected by multiple vulner...
File : cisco_prime_lms_sa-20141222-ntpd.nasl - Type : ACT_GATHER_INFO
2015-05-28 Name : A network management system on the remote host is affected by multiple vulner...
File : cisco-sa-20141222-ntpd-prime_dcnm.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_44236.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_44235.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote NTP server is affected by multiple vulnerabilities.
File : ntp_4_2_8.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The management application running on the remote host is affected by multiple...
File : cisco-sa-20141222-ntpd-prsm.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sn-CSCus27229-iosxr.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sn-CSCus26956-iosxr.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20141222-ntpd-nxos.nasl - Type : ACT_GATHER_INFO
2015-02-11 Name : The remote AIX host is missing a security patch.
File : aix_IV68430.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3154.nasl - Type : ACT_GATHER_INFO
2014-12-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ntp-141219.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4033d82687dd11e490793c970e169bc2.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-792.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/72583
CERT-VN http://www.kb.cert.org/vuls/id/852879
CONFIRM http://bugs.ntp.org/show_bug.cgi?id=2671
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Securit...
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-271964...
https://bugzilla.redhat.com/show_bug.cgi?id=1184573
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
DEBIAN http://www.debian.org/security/2015/dsa-3388
REDHAT http://rhn.redhat.com/errata/RHSA-2015-1459.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Date Informations
2023-11-02 01:26:21
  • Multiple Updates
2021-05-04 12:35:24
  • Multiple Updates
2021-04-22 01:43:33
  • Multiple Updates
2020-06-18 21:22:55
  • Multiple Updates
2020-05-29 12:10:57
  • Multiple Updates
2020-05-29 01:11:12
  • Multiple Updates
2020-05-23 01:54:03
  • Multiple Updates
2020-05-23 00:43:11
  • Multiple Updates
2019-04-20 12:05:35
  • Multiple Updates
2018-08-28 17:20:05
  • Multiple Updates
2018-01-05 09:23:26
  • Multiple Updates
2017-11-04 09:23:37
  • Multiple Updates
2017-09-23 13:22:31
  • Multiple Updates
2017-05-02 13:24:37
  • Multiple Updates
2016-12-16 13:24:42
  • Multiple Updates
2016-12-07 13:25:37
  • Multiple Updates
2016-11-29 13:23:41
  • Multiple Updates
2016-11-29 00:24:58
  • Multiple Updates
2016-11-12 13:25:32
  • Multiple Updates
2016-11-05 13:24:39
  • Multiple Updates
2016-10-15 09:24:40
  • Multiple Updates
2016-06-10 13:28:58
  • Multiple Updates
2016-05-18 13:27:58
  • Multiple Updates
2016-05-17 13:29:40
  • Multiple Updates
2016-05-13 13:29:29
  • Multiple Updates
2016-04-27 01:37:51
  • Multiple Updates
2015-12-23 13:25:45
  • Multiple Updates
2015-12-05 13:26:49
  • Multiple Updates
2015-12-03 13:26:30
  • Multiple Updates
2015-11-21 13:25:44
  • Multiple Updates
2015-11-03 13:24:21
  • Multiple Updates
2015-10-31 13:23:57
  • Multiple Updates
2015-10-30 13:24:07
  • Multiple Updates
2015-10-29 13:24:00
  • Multiple Updates
2015-10-13 13:24:42
  • Multiple Updates
2015-10-07 13:24:29
  • Multiple Updates
2015-10-07 00:22:09
  • Multiple Updates
2015-10-06 09:23:41
  • First insertion