Guest

Preview Tool

Cisco Bug: CSCus27395 - December 2014 - NTPd.org Vulnerabilities

Last Modified

Jun 29, 2018

Products (9)

  • Cisco Unified Communications Manager IM & Presence Service
  • Cisco Unified Communications Manager IM and Presence Service Version 10.5
  • Cisco Unified Communications Manager IM and Presence Service Version 9.1
  • Cisco Unified Communications Manager IM and Presence Service Version 9.0
  • Cisco Unified Presence Version 7.0
  • Cisco Unified Presence Version 8.5
  • Cisco Unified Communications Manager IM and Presence Service Version 10.0
  • Cisco Unified Presence Version 8.6
  • Cisco Unified Communications Manager IM and Presence Service Version 11.0

Known Affected Releases

10.0(1) 10.5(1) 10.5(2) 11.0(1) 5.0(1.36) 5.1(0.7) 6.0(2) 6.1(1) 7.0(1) 7.1(1) 8.0(4) 8.5(1) 8.6(2) 9.0(1) 9.1(1) 9.1(2)

Description (partial)



Symptom:

IM&P RHEL-5 and RHEL-6 servers includes a version of NTPd that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296

This product only allows processing of NTP control messages locally.

This bug has been opened to address the potential impact on this product.

Please consult http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information.



Conditions:


< "Exposure is not configuration dependent.">



Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.