NTP Vuln - Cert VU#852879 / CVE-2014-9295

Reply
bat
L5 Sessionator

Re: NTP Vuln - Cert VU#852879 / CVE-2014-9295

coactive

I think this has been covered in Content release 478

L4 Transporter

Re: NTP Vuln - Cert VU#852879 / CVE-2014-9295

I can confirm, IPS signature for CVE-2014-9295 is included in content update 478.

L7 Applicator

Re: NTP Vuln - Cert VU#852879 / CVE-2014-9295

When you have a threat id number the best place to check is the threat vault.  Simply search on the number and it will return where the signature exists if there is one.

https://threatvault.paloaltonetworks.com/

Ntpd Remote Buffer Overflow Vulnerability

Signature ID : 37198

      

Description Ntp daemon 4.2.7 and earlier are prone to a buffer overflow vulnerability while parsing certain crafted NTP requests. The vulnerability is due to the lack of boundary checks while parsing certain arguments passed in a request. It could lead to an exploitable stack overflow. An attacker could exploit the vulnerability by sending a crafted NTP request that could allow remote code execution with the privileges of the server.
References http://www.kb.cert.org/vuls/id/852879
Severity critical
Category overflow
Default action alert
CVE CVE-2014-9295
Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!