CVE-2014-9296
ntp: receive() missing return on error
Severity Score: 5.0 (CVSS v2)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues executing after detecting a certain authentication error, which could allow a remote attacker to trigger an unintended association via modified packets.
A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism.
Credits: N/A
Timeline
- 2014-12-05 CVE Reserved
- 2014-12-20 CVE Published
- 2023-04-24 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
CWE
- CWE-17: DEPRECATED: Code
- CWE-390: Detection of Error Condition Without Action
References (21)
URL | Tag | Source |
---|---|---|
http://advisories.mageia.org/MGASA-2014-0541.html | X_refsource_confirm | |
http://bugs.ntp.org/show_bug.cgi?id=2670 | X_refsource_confirm | |
http://secunia.com/advisories/62209 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/852879 | Third Party Advisory | |
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/71758 | Vdb Entry | |
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232 | X_refsource_confirm | |
https://kc.mcafee.com/corporate/index?page=content&id=SB10103 | X_refsource_confirm | |
https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8 | X_refsource_misc | |
URL | Date | SRC |
---|---|---|
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg | 2024-08-06 | |