Support / Knowledge Base / Is the NET+OS development environment vulnerable to CVE-2014-9295?

Is the NET+OS development environment vulnerable to CVE-2014-9295?

Problem: According to https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295,
"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl-putdata function, and (3) the configure function."

Analysis: The NTP(SNTP) implementation in the NET+OS development environment, does not use SSL encryption in the sending and receiving of packets. Thus the NET+OS development is not vulnerable to CVE-2914-9295.

Customer actions: No customer actions are required.

Citations:

"Vulnerability Summary for CVE-2014-9295". NIST. National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295

 
Last updated: Aug 08, 2017

Recently Viewed Articles

No recently viewed articles
Contact a Digi expert and get started today! Contact Us