CVE-2014-9296

Public on 2014-12-19
Modified on 2014-12-19
Description

A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism.

Severity
Low
See what this means
CVSS v3 Base Score
5.0
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ntp 2014-12-19 14:00 ALAS-2014-462

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

References

Red Hat: CVE-2014-9296 Mitre: CVE-2014-9296 FAQs regarding Amazon Linux ALAS/CVE Severity