Guest

Preview Tool

Cisco Bug: CSCus26947 - December 2014 - NTPd.org Vulnerabilities

Last Modified

Jan 30, 2016

Products (1)

  • Cisco Enterprise CDN Software

Known Affected Releases

5.5(25)

Description (partial)



Symptom:

This product includes a version of NTPd that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

Applicable to all ACNS 5.5.x  products.

VULNERABLE to Buffer overflow vulnerability with following CVE ID: CVE-2014-9295 

NOT VULNERABLE to NTP Authentication vulnerability with following CVE IDs -  CVE-2014-9293    CVE-2014-9294    

NOT VULNERABLE to missing return statement vulnerability issue with following CVE ID - CVE-2014-9296

This bug has been opened to address the potential impact on this product.



Conditions:

If NTP is enabled .

Configuration for enabling NTP is :
CE(conf)#ntp server<ip address or hostname of NTP server>


Additional Information:
------------------------------
Official fix version (s) name:  ACNS 5.5.39
Date of release:  06/04/2015 (6th April 2015)
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.