Support / Knowledge Base / Is the NET+OS development environment vulnerable to CVE-2014-9294?

Is the NET+OS development environment vulnerable to CVE-2014-9294?

Problem: A vulnerability was discovered in certain NTP implementations, specifically as described in, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9294,
"util/ntp-keygen.c in ntp-keygen before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic mechanisms via brute-force attacks."

Analysis: The NTP (SNTP) implementation in the NET+OS development environment does not utilize SSL in the sending and receiving of packets. Thus it is not vulnerable to this attack.

Customer actions: No customer actions are required.

Citations:
"Vulnerability Summary for CVE-2014-9294". NIST. National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9294

 
Last updated: Aug 08, 2017

Recently Viewed Articles

No recently viewed articles
Contact a Digi expert and get started today! Contact Us