{"id":"MGASA-2014-0541","summary":"Updated ntp packages fix security vulnerabilities","details":"Updated ntp packages fix security vulnerabilities:\n\nIf no authentication key is defined in the ntp.conf file, a\ncryptographically-weak default key is generated (CVE-2014-9293).\n\nntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator\nwith a weak seed to generate symmetric keys (CVE-2014-9294).\n\nA remote unauthenticated attacker may craft special packets that trigger\nbuffer overflows in the ntpd functions crypto_recv() (when using autokey\nauthentication), ctl_putdata(), and configure(). The resulting buffer\noverflows may be exploited to allow arbitrary malicious code to be executed\nwith the privilege of the ntpd process (CVE-2014-9295).\n\nA section of code in ntpd handling a rare error is missing a return\nstatement, therefore processing did not stop when the error was encountered.\nThis situation may be exploitable by an attacker (CVE-2014-9296).\n\nThe ntp package has been patched to fix these issues.\n","modified":"2026-01-31T15:52:56.266361Z","published":"2014-12-20T13:51:12Z","related":["CVE-2014-9293","CVE-2014-9294","CVE-2014-9295","CVE-2014-9296"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0541.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14858"},{"type":"REPORT","url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Resolved_Vulnerabilities"},{"type":"REPORT","url":"https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01"},{"type":"REPORT","url":"http://www.kb.cert.org/vuls/id/852879"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176032"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176035"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176037"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176040"}],"affected":[{"package":{"name":"ntp","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ntp?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.6p5-15.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0541.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}