https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24930#M18196 <HTML><HEAD></HEAD><BODY><P>When you have a threat id number the best place to check is the threat vault.&nbsp; Simply search on the number and it will return where the signature exists if there is one.</P><P></P><P><A href="https://threatvault.paloaltonetworks.com/" title="https://threatvault.paloaltonetworks.com/">https://threatvault.paloaltonetworks.com/</A></P><P></P><H1>Ntpd Remote Buffer Overflow Vulnerability</H1><P style="margin-left: 2px; margin-top: -15px;"> <SMALL> Signature ID : 37198<BR /> </SMALL> </P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><TABLE><TBODY><TR class="spaceunder" style="background: none repeat scroll 0% 0% #d6e1e7;"><TD> Description </TD><TD> Ntp daemon 4.2.7 and earlier are prone to a buffer overflow vulnerability while parsing certain crafted NTP requests. The vulnerability is due to the lack of boundary checks while parsing certain arguments passed in a request. It could lead to an exploitable stack overflow. An attacker could exploit the vulnerability by sending a crafted NTP request that could allow remote code execution with the privileges of the server. </TD></TR><TR class="spaceunder"><TD> References </TD><TD> <A href="http://www.kb.cert.org/vuls/id/852879" target="_blank">http://www.kb.cert.org/vuls/id/852879</A></TD></TR><TR class="spaceunder" style="background: none repeat scroll 0% 0% #d6e1e7;"><TD> Severity </TD><TD> critical </TD></TR><TR class="spaceunder"><TD> Category </TD><TD> overflow </TD></TR><TR class="spaceunder" style="background: none repeat scroll 0% 0% #d6e1e7;"><TD> Default action </TD><TD> alert </TD></TR><TR class="spaceunder"><TD> CVE </TD><TD> CVE-2014-9295 </TD></TR></TBODY></TABLE></BODY></HTML> Sat, 27 Dec 2014 15:57:08 GMT pulukas 2014-12-27T15:57:08Z https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24927#M18193 <HTML><HEAD></HEAD><BODY><P><A href="https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01" title="https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01">Network Time Protocol Vulnerabilities | ICS-CERT</A></P><P></P><P><A href="http://support.ntp.org/bin/view/Main/SecurityNotice" title="http://support.ntp.org/bin/view/Main/SecurityNotice">http://support.ntp.org/bin/view/Main/SecurityNotice</A></P><P></P><P><A href="https://access.redhat.com/security/cve/CVE-2014-9295" title="https://access.redhat.com/security/cve/CVE-2014-9295">access.redhat.com | CVE-2014-9295</A></P><P></P><P><A href="http://arstechnica.com/security/2014/12/attack-code-exploiting-critical-bugs-in-net-time-sync-puts-servers-at-risk/">http://arstechnica.com/security/2014/12/attack-code-exploiting-critical-bugs-in-net-time-sync-puts-servers-at-risk/</A></P></BODY></HTML> Sun, 21 Dec 2014 02:58:36 GMT https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24927#M18193 cmcguire-coactive 2014-12-21T02:58:36Z https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24928#M18194 <HTML><HEAD></HEAD><BODY><P><A href="https://live.paloaltonetworks.com/u1/8889">coactive</A></P><P></P><P>I think this has been covered in Content release 478</P></BODY></HTML> Wed, 24 Dec 2014 08:58:41 GMT https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24928#M18194 bat 2014-12-24T08:58:41Z https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24929#M18195 <HTML><HEAD></HEAD><BODY><P>I can confirm, IPS signature for CVE-2014-9295 is included in content update 478.</P></BODY></HTML> Wed, 24 Dec 2014 11:02:55 GMT https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24929#M18195 Retired Member 2014-12-24T11:02:55Z https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24930#M18196 <HTML><HEAD></HEAD><BODY><P>When you have a threat id number the best place to check is the threat vault.&nbsp; Simply search on the number and it will return where the signature exists if there is one.</P><P></P><P><A href="https://threatvault.paloaltonetworks.com/" title="https://threatvault.paloaltonetworks.com/">https://threatvault.paloaltonetworks.com/</A></P><P></P><H1>Ntpd Remote Buffer Overflow Vulnerability</H1><P style="margin-left: 2px; margin-top: -15px;"> <SMALL> Signature ID : 37198<BR /> </SMALL> </P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><TABLE><TBODY><TR class="spaceunder" style="background: none repeat scroll 0% 0% #d6e1e7;"><TD> Description </TD><TD> Ntp daemon 4.2.7 and earlier are prone to a buffer overflow vulnerability while parsing certain crafted NTP requests. The vulnerability is due to the lack of boundary checks while parsing certain arguments passed in a request. It could lead to an exploitable stack overflow. An attacker could exploit the vulnerability by sending a crafted NTP request that could allow remote code execution with the privileges of the server. </TD></TR><TR class="spaceunder"><TD> References </TD><TD> <A href="http://www.kb.cert.org/vuls/id/852879" target="_blank">http://www.kb.cert.org/vuls/id/852879</A></TD></TR><TR class="spaceunder" style="background: none repeat scroll 0% 0% #d6e1e7;"><TD> Severity </TD><TD> critical </TD></TR><TR class="spaceunder"><TD> Category </TD><TD> overflow </TD></TR><TR class="spaceunder" style="background: none repeat scroll 0% 0% #d6e1e7;"><TD> Default action </TD><TD> alert </TD></TR><TR class="spaceunder"><TD> CVE </TD><TD> CVE-2014-9295 </TD></TR></TBODY></TABLE></BODY></HTML> Sat, 27 Dec 2014 15:57:08 GMT https://live.paloaltonetworks.com/t5/general-topics/ntp-vuln-cert-vu-852879-cve-2014-9295/m-p/24930#M18196 pulukas 2014-12-27T15:57:08Z