CVE-2014-9293

EPSS 33.3%

ntp - security update

發布日:2014/12/20修改日:2026/4/28

描述

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

受影響套件(3)

Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-3.2
Debian/ntpfrom 0, < 1:4.2.6.p2+dfsg-1+deb6u1
Debian/ntpfrom 0, < 1:4.2.6.p5+dfsg-2+deb7u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9293