1
PublicDateAtUSN: 2014-12-19
2
Candidate: CVE-2014-9296
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
6
http://www.kb.cert.org/vuls/id/852879
7
http://cwe.mitre.org/data/definitions/389.html
8
http://support.ntp.org/bin/view/Main/SecurityNotice#receive_missing_return_on_error
9
https://usn.ubuntu.com/usn/usn-2449-1
11
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues
12
to execute after detecting a certain authentication error, which might
13
allow remote attackers to trigger an unintended association change via
18
http://bugs.ntp.org/show_bug.cgi?id=2670
19
https://bugs.launchpad.net/bugs/1404648
21
Discovered-by: Stephen Roettger
26
upstream: http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg
27
upstream_ntp: released (4.2.8)
28
lucid_ntp: not-affected
29
precise_ntp: released (1:4.2.6.p3+dfsg-1ubuntu3.2)
30
trusty_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.1)
31
utopic_ntp: released (1:4.2.6.p5+dfsg-3ubuntu2.14.10.1)
32
devel_ntp: released (1:4.2.6.p5+dfsg-3ubuntu3)