FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| 4033d826-87dd-11e4-9079-3c970e169bc2 | ntp -- multiple vulnerabilities
CERT reports:
The Network Time Protocol (NTP) provides networked
systems with a way to synchronize time for various
services and applications. ntpd version 4.2.7 and
previous versions allow attackers to overflow several
buffers in a way that may allow malicious code to
be executed. ntp-keygen prior to version 4.2.7p230
also uses a non-cryptographic random number generator
when generating symmetric keys.
The buffer overflow vulnerabilities in ntpd may
allow a remote unauthenticated attacker to execute
arbitrary malicious code with the privilege level
of the ntpd process. The weak default key and
non-cryptographic random number generator in
ntp-keygen may allow an attacker to gain
information regarding the integrity checking
and authentication encryption schemes.
Discovery 2014-12-19
Entry 2014-12-20
ntp
ntp-devel
< 4.2.8
CVE-2014-9293
CVE-2014-9294
CVE-2014-9295
CVE-2014-9296
http://www.kb.cert.org/vuls/id/852879
|