CVE-2014-9295
published 2014-12-20CVE-2014-9295: Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the…
PriorityP267high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
78.09%
99.5th percentile
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | ntp | < ntp 1:4.2.6.p5+dfsg-3.2 (bullseye) | ntp 1:4.2.6.p5+dfsg-3.2 (bullseye) |
| ntp | ntp | <= 4.2.7 | — |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3.2 | 1:4.2.6.p5+dfsg-3.2 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger condition for crypto_recv() overflow: attacker sends a crafted packet when Autokey Authentication is enabled (e.g., 'crypto pw' directive present in ntp.conf) ↗
- →Three vulnerable functions to target in ntpd: crypto_recv() (Autokey path), ctl_putdata(), and configure() — all susceptible to stack-based buffer overflow via crafted packets ↗
- →Exploitation of ctl_putdata() is restricted to local attackers by default; configure() requires additional authentication — focus remote detection efforts on crypto_recv() path ↗
- →Successful exploitation runs arbitrary code with privileges of the ntpd process, which is typically root — monitor for unexpected child processes or privilege escalation from ntpd ↗
- →On Ubuntu, NTP AppArmor profile provides containment — alert on AppArmor denials from ntpd as a potential exploitation indicator ↗
- ·crypto_recv() overflow only reachable in non-default configurations where Autokey Authentication is active (requires 'crypto pw' or equivalent directive in ntp.conf) ↗
- ·ctl_putdata() overflow is only exploitable via local attackers in default configurations ↗
- ·configure() overflow requires additional authentication to exploit ↗
- ·Red Hat mitigation: add restrict lines to /etc/ntp.conf to limit server-type functionality to localhost; does not fully remediate but reduces attack surface ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_cisco7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Network Time Protocol Vulnerabilities (Supplement Update A)
cisa_ics·2015-02-05·CVSS 7.5
[HIGH] Network Time Protocol Vulnerabilities (Supplement Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Network Time Protocol Vulnerabilities (Supplement Update A)
Last RevisedMarch 05, 2015
Alert CodeICSA-14-353-01-SupplementA
## OVERVIEW
## --------- Begin Update A Part 1 of 2 --------
This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-353-01C Network Time Protocol Vulnerabilities that was published February 5, 2015, on the ICS‑CERT web site.
## --------- End Update A Part 1 of 2 ----------
Please refer to this advisory for all the details of the vulnerabilities. The purpose of this advisory supplement is to document which products are affecte
CISA ICS
Network Time Protocol Vulnerabilities (Update C)
cisa_ics·2015-02-04
Network Time Protocol Vulnerabilities (Update C)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Network Time Protocol Vulnerabilities (Update C)
Last RevisedAugust 29, 2018
Alert CodeICSA-14-353-01C
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01B Network Time Protocol Vulnerabilities that was published February 4, 2015, on the NCCIC/ICS-CERT web site.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this inform
CISA ICS
Network Time Protocol Vulnerabilities (Update B)
cisa_ics·2014-12-23
Network Time Protocol Vulnerabilities (Update B)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Network Time Protocol Vulnerabilities (Update B)
Last RevisedSeptember 10, 2018
Alert CodeICSA-14-353-01B
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01A Network Time Protocol Vulnerabilities that was published December 23, 2014, on the NCCIC/ICS-CERT web site.
Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational industrial control systems deployments, ICS-CERT is providing this in
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco·2014-12-23·CVSS 7.5
CVE-2014-9293 [HIGH] CWE-119 Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition.
On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows:
CVE-2014-9293: Weak Default Key in config_auth()
CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Sym
BSD
FreeBSD-SA-14:31.ntp: Multiple vulnerabilities in NTP suite
bsd_advisories·2014-12-23·CVSS 7.5
CVE-2014-9293 [HIGH] FreeBSD-SA-14:31.ntp: Multiple vulnerabilities in NTP suite
FreeBSD-SA-14:31.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in NTP suite
Category: contrib
Module: ntp
Announced: 2014-12-23
Affects: All supported versions of FreeBSD.
Corrected: 2014-12-22 19:07:16 UTC (stable/10, 10.1-STABLE)
2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
2014-12-22 19:08:09 UTC (stable/9, 9.3-STABLE)
2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
2014-12-22 19:08:09 UTC (stable/8, 8.4-STABLE)
2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
For general information regarding FreeBSD Securi
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2014-12-22·CVSS 7.5
CVE-2014-9293 [HIGH] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Neel Mehta discovered that NTP generated weak authentication keys. A remote
attacker could possibly use this issue to brute force the authentication
key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler o
Red Hat
ntp: Multiple buffer overflows via specially-crafted packets
vendor_redhat·2014-12-19·CVSS 7.5
CVE-2014-9295 [HIGH] CWE-119 ntp: Multiple buffer overflows via specially-crafted packets
ntp: Multiple buffer overflows via specially-crafted packets
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited
Debian
CVE-2014-9295: ntp - Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote a...
vendor_debian·2014·CVSS 7.5
CVE-2014-9295 [HIGH] CVE-2014-9295: ntp - Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote a...
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Scope: local
bullseye: resolved (fixed in 1:4.2.6.p5+dfsg-3.2)
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
CVE-2014-9293 Multiple Vulnerabilities in ntpd Affecting Cisco Products
CVE-2014-9293: Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: CVE-2014-9293: Weak Default Key in config_auth() CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to G
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
CVE-2014-9295 Multiple Vulnerabilities in ntpd Affecting Cisco Products
CVE-2014-9295: Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: CVE-2014-9293: Weak Default Key in config_auth() CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to G
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
CVE-2014-9296 Multiple Vulnerabilities in ntpd Affecting Cisco Products
CVE-2014-9296: Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: CVE-2014-9293: Weak Default Key in config_auth() CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to G
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
CVE-2014-9294 Multiple Vulnerabilities in ntpd Affecting Cisco Products
CVE-2014-9294: Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: CVE-2014-9293: Weak Default Key in config_auth() CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to G
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
CVE-2014-9298 Multiple Vulnerabilities in ntpd Affecting Cisco Products
CVE-2014-9298: Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: CVE-2014-9293: Weak Default Key in config_auth() CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to G
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
vendor_cisco
CVE-2014-9297 Multiple Vulnerabilities in ntpd Affecting Cisco Products
CVE-2014-9297: Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: CVE-2014-9293: Weak Default Key in config_auth() CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to G
GHSA
GHSA-67hp-c7g3-34pp: Multiple stack-based buffer overflows in ntpd in NTP before 4
ghsa_unreviewed·2022-05-13
CVE-2014-9295 [HIGH] CWE-119 GHSA-67hp-c7g3-34pp: Multiple stack-based buffer overflows in ntpd in NTP before 4
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Project0
Finding and exploiting ntpd vulnerabilities - Project Zero
project_zero·2015-01-01·CVSS 7.5
CVE-2014-9295 [HIGH] Finding and exploiting ntpd vulnerabilities - Project Zero
Posted by Stephen Röttger, Time Lord
[Foreword by Chris Evans: this post by Stephen represents the first Project Zero guest blog post. From time to time, we’ll be featuring guest blog posts for top-tier security research. In this instance, we’ve been impressed by the remotely exploitable nature of these vulnerabilities, as well as the clever chain of bugs and quirks that eventually leads to remote code execution. You’ve probably seen the recent ntpd vulnerability disclosures and this blog post tells the story from one of the researchers who discovered the issues. Over to Stephen…]
A few months ago I decided to get started on fuzzing. I chose the reference implementation of the Network Time Protocol (NTP), ntpd, as my first target, since I have some background with NTP and the protocol
OSV
ntp vulnerabilities
osv·2014-12-22·CVSS 7.5
CVE-2014-9293 [HIGH] ntp vulnerabilities
ntp vulnerabilities
Neel Mehta discovered that NTP generated weak authentication keys. A remote
attacker could possibly use this issue to brute force the authentication
key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce the
vulnerability
OSV
CVE-2014-9295: Multiple stack-based buffer overflows in ntpd in NTP before 4
osv·2014-12-20·CVSS 7.5
CVE-2014-9295 [HIGH] CVE-2014-9295: Multiple stack-based buffer overflows in ntpd in NTP before 4
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
bugzilla·2014-12-19·CVSS 7.5
CVE-2014-9295 [HIGH] CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
As per upstream NTP security advisory, multiple buffer overflows were reported in ntp daemon, details provided below
* Buffer overflow in crypto_recv()
When Autokey Authentication is enabled (i.e. the ntp.conf file contains a 'crypto pw ...' directive) a remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process.
This vulnerability was discovered by Stephen Roettger of the Google Security Team.
Mitigation:
Disable Autokey Authentication by removing, or commenting out, all configuration directives beginning with the crypto keyword in your ntp.conf file.
* Buffer overflow in ctl_putdata()
A
Bugzilla
CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
bugzilla·2014-12-19·CVSS 7.5
CVE-2014-9296 [HIGH] CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
bugzilla·2014-12-19·CVSS 7.5
CVE-2014-9293 [HIGH] CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
As per upstream NTP security advisory:
If no 'auth' key is set in the configuration file, ntpd would generate a random key on the fly. There were two problems with this: 1) the generated key was 31 bits in size, and 2) it used the (now weak) ntp_random() function, which was seeded with a 32-bit value and could only provide 32 bits of entropy. This was sufficient back in the late 1990s when the code was written. Not today.
Mitigation: Upgrade to 4.2.7p11 or later.
This vulnerability was noticed in ntp-4.2.6 by Neel Mehta of the Google Security Team.
Discussion:
Upstream mentions the issue was fixed in 4.2.7p11. The following commit from between 4.2.7p10 and 4.2.7p11 seems to remove automatic auth key generati
arXiv
Dynamic Neural Control Flow Execution: An Agent-Based Deep Equilibrium Approach for Binary Vulnerability Detection
arxiv_fulltext·2024-04-03
Dynamic Neural Control Flow Execution: An Agent-Based Deep Equilibrium Approach for Binary Vulnerability Detection
Dynamic Neural Control Flow Execution: An Agent-Based Deep Equilibrium Approach for Binary Vulnerability Detection
[1]Litao Li
[1]Steven H. H. Ding
[2]Andrew Walenstein
[3]Philippe Charland
[4]Benjamin C. M. Fung
[1]L1NNA Lab, School of Computing, Queen's University, Canada
[2]BlackBerry Ltd., Canada
[3]Mission Critical Cyber Security Section, Defence R&D Canada
[4]Data Mining and Security (DMaS) Lab, McGill University, Canada
## Abstract
Software vulnerabilities are a challenge in cybersecurity. Manual security patches are often difficult and slow to be deployed, while new vulnerabilities are created. Binary code vulnerability detection is less studied and more complex compared to source code, and this has important practical implications. Deep learning has become an efficient and powe
arXiv
SAFE: Self-Attentive Function Embeddings for Binary Similarity
arxiv_fulltext·2019-12-19
SAFE: Self-Attentive Function Embeddings for Binary Similarity
for Binary Similarity
Luca Massarelli^ , Giuseppe Antonio Di Luna^ , Fabio Petroni^*,
Leonardo Querzoni^ , Roberto Baldoni^
: University of Rome Sapienza. \massarelli, querzoni, baldoni\@diag.uniroma1.it.
: CINI, National Laboratory of Cyber Security. [email protected].
*: Facebook AI Research, [email protected].
## Abstract
The binary similarity problem consists in determining if two functions are similar by only considering their compiled form. Advanced techniques for binary similarity recently gained momentum as they can be applied in several fields, such as copyright disputes, malware analysis, vulnerability detection, etc., and thus have an immediate practical impact. Current solutions compare functions by first transforming their binary code in multi-dimensional vector repres
arXiv
Software-Defined Adversarial Trajectory Sampling
arxiv_fulltext·2017-04-30
Software-Defined Adversarial Trajectory Sampling
Software-Defined Adversarial\ Sampling
Kashyap Thimmaraju^1 Liron Schiff^2 Stefan Schmid^1,3
^1 TU Berlin, Germany
^2 GuardiCore Labs, Israel
^3 Aalborg University, Denmark
## Abstract
Today's routing protocols critically rely on the assumption
that the underlying hardware is trusted.
Given the increasing number of attacks on
network devices, and recent reports on hardware
backdoors this
assumption has become questionable.
Indeed, with the critical role computer networks play today,
the contrast between our security assumptions and reality is problematic.
This paper presents Software-Defined Adversarial Trajectory Sampling ( ),
an OpenFlow-based mechanism to efficiently
monitor packet trajectories, also
in the presence of non-cooperating or even adversarial
switches or routers, e.g.,
http://advisories.mageia.org/MGASA-2014-0541.htmlhttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdAhttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cghttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97ghttp://bugs.ntp.org/show_bug.cgi?id=2667http://bugs.ntp.org/show_bug.cgi?id=2668http://bugs.ntp.org/show_bug.cgi?id=2669http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.htmlhttp://marc.info/?l=bugtraq&m=142469153211996&w=2http://marc.info/?l=bugtraq&m=142590659431171&w=2http://marc.info/?l=bugtraq&m=142853370924302&w=2http://marc.info/?l=bugtraq&m=144182594518755&w=2http://rhn.redhat.com/errata/RHSA-2014-2025.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0104.htmlhttp://secunia.com/advisories/62209http://support.ntp.org/bin/view/Main/SecurityNoticehttp://www.kb.cert.org/vuls/id/852879http://www.mandriva.com/security/advisories?name=MDVSA-2015:003http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securityfocus.com/bid/71761http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htmhttps://bugzilla.redhat.com/show_bug.cgi?id=1176037https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixeshttps://kc.mcafee.com/corporate/index?page=content&id=SB10103https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpdhttps://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8http://advisories.mageia.org/MGASA-2014-0541.htmlhttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdAhttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cghttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97ghttp://bugs.ntp.org/show_bug.cgi?id=2667http://bugs.ntp.org/show_bug.cgi?id=2668http://bugs.ntp.org/show_bug.cgi?id=2669http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.htmlhttp://marc.info/?l=bugtraq&m=142469153211996&w=2http://marc.info/?l=bugtraq&m=142590659431171&w=2http://marc.info/?l=bugtraq&m=142853370924302&w=2http://marc.info/?l=bugtraq&m=144182594518755&w=2http://rhn.redhat.com/errata/RHSA-2014-2025.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0104.htmlhttp://secunia.com/advisories/62209http://support.ntp.org/bin/view/Main/SecurityNoticehttp://www.kb.cert.org/vuls/id/852879http://www.mandriva.com/security/advisories?name=MDVSA-2015:003http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securityfocus.com/bid/71761http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htmhttps://bugzilla.redhat.com/show_bug.cgi?id=1176037https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixeshttps://kc.mcafee.com/corporate/index?page=content&id=SB10103https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpdhttps://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8
2014-12-20
Published