Guest

Preview Tool

Cisco Bug: CSCus26891 - December 2014 - NTPd.org Vulnerabilities

Last Modified

Jan 29, 2017

Products (1)

  • Cisco IPICS Server Software

Known Affected Releases

4.0(1)

Description (partial)

Symptom:
Symptoms:

Cisco IP Interoperability and Collaboration System (IPICS) includes a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296

This product only allows processing of NTP control messages locally.

Please consult 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information.

Conditions:
Affects IPICS 4.0(1), 4.0(2), 4.5(1), 4.5(2), 4.6(1), 4.7(1), 4.8(1), 4.8(2)

NTP is required by IPICS if you use the High Availability (HA) feature.

We are working on an OS patch called "ipics-os-security_patch-8.0-0_el5.bin" that will fix this, as well as other recent vulnerabilities.  We expect it to be available on CCO by Feb 15, 2015.

Customers running IPICS 4.0(x) or earlier will need to upgrade IPICS to a newer release.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.