Description: This bulletin provides information regarding a vulnerability in the Network Time Protocol (NTP) Project NTP daemon (ntpd) documented by CVE-2014-9296. The ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed.
The NTP Project daemon implementation is widely used in operating system distributions and network products. This vulnerability affects ntpd acting as a server or client on a system in which not only is authentication configured, but an authentication error occurs.
January 29, 2015
Applicable To The Following Products
This is here to prevent you from accidentally submitting twice.