Is the NET+OS development environment vulnerable to CVE-2014-9296

Problem: According to site,
"The receive function in ntp_proto.c in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association via crafted packet."

Analysis: The NET+OS development environment does not use the NTP (SNTP) referenced in the CV notice. Thus the NET+OS development environment is not vulnerable to this CVE-2014-9296.

Customer Actions: No customer actions are required.

Vulnerability Summary for CVE-2014-9296. NIST. National Vulnerability Database.
Last updated: Jan 01, 2024

Recently Viewed

No recently viewed articles

Did you find this article helpful?