CVE-2014-9293
Published 2014-12-20
Priority: P344 high; CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
12.98%
95.8th percentile
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | ntp | < ntp 1:4.2.6.p5+dfsg-3.2 (bullseye) | ntp 1:4.2.6.p5+dfsg-3.2 (bullseye) |
| ntp | ntp | <= 4.2.7 | — |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3.2 | 1:4.2.6.p5+dfsg-3.2 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 |
CVSS provenance
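| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_cisco | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |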
CISA ICS
Network Time Protocol Vulnerabilities (Supplement Update A)
cisa_ics·2015-02-05·CVSS 7.5
[HIGH] Network Time Protocol Vulnerabilities (Supplement Update A)
ICS Advisory
Last Revised: March 05, 2015
Alert Code: ICSA-14-353-01-SupplementA
## OVERVIEW
## --------- Begin Update A Part 1 of 2 --------
This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-353-01C Network Time Protocol Vulnerabilities that was published February 5, 2015, on the ICS‑CERT web site.
## --------- End Update A Part 1 of 2 ----------
Please refer to this advisory for all the details of the vulnerabilities. The purpose of this advisory supplement is to document which products are affecte
CISA ICS
Network Time Protocol Vulnerabilities (Update C)
cisa_ics·2015-02-04
ICS Advisory
Last Revised: August 29, 2018
Alert Code: ICSA-14-353-01C
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01B Network Time Protocol Vulnerabilities that was published February 4, 2015, on the NCCIC/ICS-CERT web site.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this inform
CISA ICS
Network Time Protocol Vulnerabilities (Update B)
cisa_ics·2014-12-23
ICS Advisory
Last Revised: September 10, 2018
Alert Code: ICSA-14-353-01B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01A Network Time Protocol Vulnerabilities that was published December 23, 2014, on the NCCIC/ICS-CERT web site.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this in
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco·2014-12-23·CVSS 7.5
CVE-2014-9293 [HIGH] CWE-119 Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition.
On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows:
CVE-2014-9293: Weak Default Key in config_auth()
CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Sym
BSD
FreeBSD-SA-14:31.ntp: Multiple vulnerabilities in NTP suite
bsd_advisories·2014-12-23·CVSS 7.5
CVE-2014-9293 [HIGH] FreeBSD-SA-14:31.ntp: Multiple vulnerabilities in NTP suite
FreeBSD-SA-14:31.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in NTP suite
Category: contrib
Module: ntp
Announced: 2014-12-23
Affects: All supported versions of FreeBSD.
Corrected: 2014-12-22 19:07:16 UTC (stable/10, 10.1-STABLE)
2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
2014-12-22 19:08:09 UTC (stable/9, 9.3-STABLE)
2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
2014-12-22 19:08:09 UTC (stable/8, 8.4-STABLE)
2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
For general information regarding FreeBSD Securi
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2014-12-22·CVSS 7.5
CVE-2014-9293 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Neel Mehta discovered that NTP generated weak authentication keys. A remote
attacker could possibly use this issue to brute force the authentication
key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler o
Red Hat
ntp: automatic generation of weak default key in config_auth()
vendor_redhat·2014-12-19·CVSS 7.5
CVE-2014-9293 [HIGH] CWE-338 ntp: automatic generation of weak default key in config_auth()
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests.
Mitigation: Issue these commands to explicitly generate a strong key and add it to the
ntpd configuration:
echo trustedkey 65535 >> /etc/ntp.conf
printf "65535\tM\t%s\n"
Debian
CVE-2014-9293: ntp - The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not...
vendor_debian·2014·CVSS 7.5
CVE-2014-9293 [HIGH] CVE-2014-9293: ntp - The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not...
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Scope: local
bullseye: resolved (fixed in 1:4.2.6.p5+dfsg-3.2)
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
The same advisory is also indexed under CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297 and CVE-2014-9298.
GHSA
GHSA-39gg-qjj7-qm8m: The config_auth function in ntpd in NTP before 4
ghsa_unreviewed·2022-05-13
CVE-2014-9293 [HIGH] GHSA-39gg-qjj7-qm8m: The config_auth function in ntpd in NTP before 4
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
OSV
ntp vulnerabilities
osv·2014-12-22·CVSS 7.5
CVE-2014-9293 [HIGH] ntp vulnerabilities
Neel Mehta discovered that NTP generated weak authentication keys. A remote
attacker could possibly use this issue to brute force the authentication
key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce the
vulnerability
OSV
CVE-2014-9293: The config_auth function in ntpd in NTP before 4
osv·2014-12-20·CVSS 7.5
CVE-2014-9293 [HIGH] CVE-2014-9293: The config_auth function in ntpd in NTP before 4
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
bugzilla·2014-12-19·CVSS 7.5
CVE-2014-9296 [HIGH] CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
bugzilla·2014-12-19·CVSS 7.5
CVE-2014-9293 [HIGH] CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
As per upstream NTP security advisory:
If no 'auth' key is set in the configuration file, ntpd would generate a random key on the fly. There were two problems with this: 1) the generated key was 31 bits in size, and 2) it used the (now weak) ntp_random() function, which was seeded with a 32-bit value and could only provide 32 bits of entropy. This was sufficient back in the late 1990s when the code was written. Not today.
Mitigation: Upgrade to 4.2.7p11 or later.
This vulnerability was noticed in ntp-4.2.6 by Neel Mehta of the Google Security Team.
Discussion:
Upstream mentions the issue was fixed in 4.2.7p11. The following commit from between 4.2.7p10 and 4.2.7p11 seems to remove automatic auth key generati
2014-12-20
Published