Guest

Preview Tool

Cisco Bug: CSCus26956 - December 2014 - NTPd.org Vulnerabilities

Last Modified

May 13, 2018

Products (1)

  • Cisco Carrier Routing System

Known Affected Releases

3.9.0.BASE 4.1.0.BASE 4.2.0.BASE 4.3.0.BASE 4.4.0.BASE 5.1.0.BASE 5.2.0.BASE 5.3.0.BASE

Description (partial)

Symptom:
The following Cisco products

Cisco IOS XR Software running on:
NCS6K, NCS4K,ASR9K, CRS, C12K

CSCus26956 impacts all releases prior to XR 5.3.1.

include a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296

This bug has been opened to address the potential impact on this product.

Please consult http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information.

Conditions:
Ntpd service runs by default on router.  All nodes in system sync to local clock of DLRSC node.

To configure ntp to sync to external server config cli is :: 
 
ntp server <IP>
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.