CVE-2014-9293

EPSS 33.3%

ntp - security update

Published: 12/20/2014Modified: 4/28/2026

Description

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Affected packages (3)

Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-3.2
Debian/ntpfrom 0, < 1:4.2.6.p2+dfsg-1+deb6u1
Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-2+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9293