CVE-2014-9295 (retired)

Priority
Description
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow
remote attackers to execute arbitrary code via a crafted packet, related to
(1) the crypto_recv function when the Autokey Authentication feature is
used, (2) the ctl_putdata function, and (3) the configure function.
Assigned-to
mdeslaur
Notes
mdeslaurconfigure() isn't in lucid
Package
Source: ntp (LP Ubuntu Debian)
Priority: Low
Upstream:released (4.2.8)
Patches:
Upstream:http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA
Upstream:http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg
Upstream:http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g
This vulnerability is mitigated in part by an AppArmor profile. For more details see https://wiki.ubuntu.com/Security/Features#apparmor
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector
More Information

Updated: 2019-10-09 07:51:29 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)